GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-26 20:48:50
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB
Running: e7wk9d19.exe; Driver: C:\Users\Arekcipa\AppData\Local\Temp\kfndykob.sys

---- User code sections - GMER 2.2 ----

?    C:\Windows\SYSTEM32\NTASN1.dll [1536] entry point in ".rdata" section    0000000073005630
?    C:\Windows\SYSTEM32\iertutil.dll [1768] entry point in ".rdata" section    0000000072736c20
?    C:\Windows\SYSTEM32\NTASN1.dll [3524] entry point in ".rdata" section    0000000073005630
?    C:\Windows\system32\apphelp.dll [3524] entry point in ".rdata" section    00000000634d0aa0
?    C:\Windows\SYSTEM32\NTASN1.dll [3904] entry point in ".rdata" section    0000000073005630
?    C:\Windows\SYSTEM32\iertutil.dll [3904] entry point in ".rdata" section    0000000072736c20
?    C:\Windows\SYSTEM32\NTASN1.dll [6552] entry point in ".rdata" section    0000000073005630
?    C:\Windows\SYSTEM32\iertutil.dll [6552] entry point in ".rdata" section    0000000072736c20
?    C:\Windows\SYSTEM32\iertutil.dll [4960] entry point in ".rdata" section    0000000072736c20
?    C:\Windows\system32\apphelp.dll [4960] entry point in ".rdata" section    00000000634d0aa0
?    C:\Windows\system32\apphelp.dll [5468] entry point in ".rdata" section    00000000634d0aa0

---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize]    [7fff6fe3002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.17184_none_f41d7a705752bce6\COMCTL32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.17184_none_f41d7a705752bce6\COMCTL32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]    [7fff438a27c0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize]    [7fff6fe3002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.17184_none_f41d7a705752bce6\COMCTL32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.17184_none_f41d7a705752bce6\COMCTL32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4412] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]    [7fff438a27c0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize]    [7fff6fe3002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.17184_none_f41d7a705752bce6\COMCTL32.dll[GDI32.dll!GetStockObject]    [7fff6fe3006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.17184_none_f41d7a705752bce6\COMCTL32.dll[USER32.dll!RegisterClassW]    [7fff7049002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]    [7fff438a27c0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll

---- Devices - GMER 2.2 ----

Device  \Driver\DREAM \Device\DREAM    ffffe0005787a000

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\csrss.exe [540:2200]    fffff960fdc07300

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed    1610701097
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\689423f0f1d1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WinDefend@FailureCommand    C:\Windows\system32\mrt.exe /EHB /ServiceFailure "CAMP=4.8.10240.17354;approximate-> Engine=1.1.13701.0;AVSIG=1.241.394.0;ASSIG=1.241.394.0" /StartService /Defender /q
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Current\Windows.SystemToast.SecurityAndMaintenance\487
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Current\Windows.SystemToast.SecurityAndMaintenance\487@ImageFileUri    file://C:\Users\Arekcipa\AppData\Local\Microsoft\Windows\ActionCenterCache\{2C7290D4-8433-4C06-A7D2-11F38EF8C853}.png
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime    0x3D 0x72 0xEF 0x61 ...

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----