GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-08 14:32:07 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HTS541680J9SA00 rev.SB2OC7KP 74,53GB Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kflcqfog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA7DFAACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xA82CB31C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA7DFB5AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xA7E41620] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xA7E076A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA7E076EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA7E07886] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xA7E40FD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xA7E0760E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xA7E07730] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA7E07656] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xA7DFBAE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xA7E07840] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA7DFC398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA7DFAB32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xA7E41CE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA7E41F9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA7DFFBEA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA7E41B51] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA7E419BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xA82CB3F4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xA7DFA71E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA82CB7D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA7DFAB98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA7DFFFE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA7DFCEDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xA7E076CA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA7E0770E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA7E078AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xA7E41330] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xA7E07634] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xA7DFF4E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xA7E077BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA7E0767E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xA7DFF8CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xA7E07864] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA82CB574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xA7E41837] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xA7DFCCF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA7E41689] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA7DFC84A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xA82D8D2C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xA82D9698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xA7E40617] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA7DFABFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA7DFAC64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xA7DFC212] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA7DFA7B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA7DFA98A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xA7E41DED] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA7DFA918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA7DFC562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xA7DFC6C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA7DFAA12] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA7DFC050] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xA7DFC1F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xA82C87BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xA7DFACCA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA7DFB606] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D98 80504680 4 Bytes JMP 96A7DFFB .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [FE, AB, DF, A7, 64, AC, DF, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [62, C5, DF, A7, C4, C6, DF, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL A7DFD5AD \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1084] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1632] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1820] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2276] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 1003B000 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2276] USER32.dll!SetWindowRgn + 2BD 7E42E7E5 7 Bytes JMP 1003AC50 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2276] USER32.dll!SetClipboardData + 19D 7E43113B 7 Bytes JMP 1003ABC0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2276] USER32.dll!MessageBoxA + 49 7E450833 7 Bytes JMP 1003AF00 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2276] USER32.dll!MessageBoxExW + 1F 7E450857 7 Bytes JMP 1003ADF0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2276] USER32.dll!MessageBoxTimeoutA + CA 7E4664D0 7 Bytes JMP 1003AF50 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\CCleaner\CCleaner.exe[2708] USER32.dll!SetScrollInfo 7E419056 5 Bytes JMP 005062E0 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2708] USER32.dll!GetScrollInfo 7E42DFE2 5 Bytes JMP 0050623C C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2708] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 0050626F C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2708] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 00506217 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2708] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 005061BA C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2708] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 005061DF C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2708] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 005062A9 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2708] USER32.dll!EnableScrollBar 7E468005 5 Bytes JMP 00506314 C:\Program Files\CCleaner\CCleaner.exe .text C:\WINDOWS\system32\SearchIndexer.exe[3860] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[1760] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[1760] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 5749 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81D74DC3-CCD2-467F-898A-C63D63A9C767}@DhcpRetryStatus 0 ---- EOF - GMER 2.1 ----