GMER 2.1.19324 - http://www.gmer.net Rootkit scan 2014-01-18 21:45:05 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM040HI rev.YA100-04 37,26GB Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\uxtdqpob.sys ---- System - GMER 2.1 ---- SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xF59AEAD0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xF59AF5AE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xF59F37D0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xF59BB5E0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xF59BB62C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xF59BB7C6] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xF59F3184] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xF59BB54E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xF59BB670] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xF59BB596] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xF59AFAE4] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xF59BB780] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xF59B039C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xF59AEB36] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xF59F3E96] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xF59F414C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xF59B3B32] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xF59F3D01] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xF59F3B6C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xF59AE71E] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwMapViewOfSection [0xF5C24466] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xF59AEB9C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xF59B3F28] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xF59B0E2C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xF59BB60A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xF59BB64E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xF59BB7EA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xF59F34E0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xF59BB574] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xF59B342C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xF59BB6FE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xF59BB5BE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xF59B3814] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xF59BB7A4] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xF5C2420A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xF59F39E7] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xF59B0CF8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xF59F3839] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xF59B084E] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xF5C321EA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xF59F27CA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xF59AEC02] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xF59AEC68] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xF59B0216] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xF59AE7B8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xF59AE98E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xF59F3F9D] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xF59AE91C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xF59B0566] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xF59B06C8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xF59AEA16] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xF59B0054] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xF59B01F6] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xF59AECCE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xF59AF60A] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!_abnormal_termination + 70 804E2644 4 Bytes JMP 873DF59A .text ntoskrnl.exe!_abnormal_termination + 220 804E27F4 4 Bytes [EA, B7, 9B, F5] .text ntoskrnl.exe!_abnormal_termination + 34C 804E2920 4 Bytes [EA, 21, C3, F5] .text ntoskrnl.exe!_abnormal_termination + 398 804E296C 12 Bytes [02, EC, 9A, F5, 68, EC, 9A, ...] .text ntoskrnl.exe!_abnormal_termination + 430 804E2A04 4 Bytes JMP F3B81FA3 .text ... PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BC20 4 Bytes CALL F59B14FD \??\C:\WINDOWS\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\Explorer.EXE[176] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[632] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Program Files\AVAST Software\Avast\AvastUI.exe[680] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[772] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text ... ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----