GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-06 13:38:03 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD250HJ rev.FH100-05 232,88GB Running: 5yyc8ou5.exe; Driver: C:\Users\Siwy\AppData\Local\Temp\kxldypob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8BC1FACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x8BCDC31C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAlpcSendWaitReceivePort [0x8BC22830] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8BC205AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8BC2C67A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8BC2C6C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8BC2C860] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8BC2C5E8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8BCDC6F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8BC2C630] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8BCDC986] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8BC2C81A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8BC21398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8BC1FB32] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x8BCDCB74] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x8BCDC3F4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x8BCD978E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8BCDC7D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8BC1FB98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8BC24FE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8BC21EDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8BC2C6A4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8BC2C6E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8BC2C884] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8BC2C60E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8BC244E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8BC2C798] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8BC2C658] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8BC248CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8BC2C83E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8BCDC574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8BC21CF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x8BC2184A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwReplyWaitReceivePort [0x8BC26F06] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwReplyWaitReceivePortEx [0x8BC22804] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8BC1FBFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8BC1FC64] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8BCDC8D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8BC1F7B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8BC1F98A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8BC1F918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8BC21562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8BC216C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8BC1FA12] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8BCDC642] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8BC211F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x8BCD97BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8BC1FCCA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8BCDC4A6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8BCDCA70] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 82EE2790 4 Bytes [CC, FA, C1, 8B] .text ntkrnlpa.exe!KeSetEvent + 131 82EE27B4 4 Bytes [1C, C3, CD, 8B] {SBB AL, 0xc3; INT 0x8b} .text ntkrnlpa.exe!KeSetEvent + 181 82EE2804 4 Bytes [30, 28, C2, 8B] .text ntkrnlpa.exe!KeSetEvent + 191 82EE2814 4 Bytes [AA, 05, C2, 8B] .text ntkrnlpa.exe!KeSetEvent + 1D1 82EE2854 8 Bytes [7A, C6, C2, 8B, C6, C6, C2, ...] {JP 0xffffffc8; RET 0xc68b; MOV DL, 0x8b} .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1744] kernel32.dll!SetUnhandledExceptionFilter 75CCA9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2356] kernel32.dll!LoadLibraryExW 75CC9374 5 Bytes JMP 00B92AC0 C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2356] kernel32.dll!LoadLibraryExW + 6 75CC937A 1 Byte [CC] {INT 3 } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2384] kernel32.dll!SetUnhandledExceptionFilter 75CCA9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe[2560] kernel32.dll!CreateThread + 1A 75CECC08 4 Bytes CALL 0044CD25 C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe .text C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe[5280] kernel32.dll!CreateThread + 1A 75CECC08 4 Bytes CALL 5983DB6D C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp wfdrvr_vt_1_10_0_25.sys AttachedDevice \Driver\tdx \Device\Udp wfdrvr_vt_1_10_0_25.sys ---- EOF - GMER 2.1 ----