GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-06-28 17:52:23
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c IRIDIUM_PRO rev.SAFM01.7 223,57GB
Running: rmq2tm48.exe; Driver: C:\Users\Jakub\AppData\Local\Temp\pwliypow.sys

---- Kernel code sections - GMER 2.2 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable       fffff960000a8d00 15 bytes [00, A9, F3, 01, 80, 64, 6D, ...]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 16  fffff960000a8d10 11 bytes [00, 91, FC, FF, 00, BF, CA, ...]

---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize]  [7ffe0037002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ffdc61e2730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5056] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize]  [7ffe0037002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ffdc61e2730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2856] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize]  [7ffe0037002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ffdc61e2730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9932] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize]  [7ffe0037002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ffdc61e2730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject]  [7ffe0037006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9828] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW]  [7ffdfe4a002c]

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\csrss.exe [540:3952]   fffff960009942d0
Thread  C:\Windows\Explorer.EXE [2844:2336]        00007ffdea42e630

---- Services - GMER 2.2 ----

Service  C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (*** hidden *** )  [MANUAL] MozillaMaintenance  <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                          1027439076
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_MaximumAvailableHeightCells      8
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_AvailableHeightCells             8

---- EOF - GMER 2.2 ----