GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-05-14 12:51:50
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: gmer.exe; Driver: C:\Users\Lenovo\AppData\Local\Temp\fxlyrpog.sys

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [660:684] fffff960009b12d0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5904:5908] 0000000001331539
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5904:6056] 000000006294f8b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5904:6060] 000000006294e8a0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5904:6064] 000000006294f2e0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:3772] 00000000004098ce
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:6004] 00000000710b67ce
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:6000] 0000000071048104
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:5288] 0000000071048104
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:1752] 00000000631ec1f0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:5996] 000000005cfa8bce
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:5932] 0000000071048104
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:5736] 0000000071048104
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:5796] 000000007100ae50
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:5792] 0000000071048104
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:5744] 0000000070fd6939
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3780:5884] 0000000074973730

---- Processes - GMER 2.1 ----

Process C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (FILE NOT FOUND) 0000000000400000
Library c:\users\lenovo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcfbqe6.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832](2015-05-14 10:12:33) 0000000002da0000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 0000000060d10000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 00000000058f0000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 00000000608f0000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000060600000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832](2015-03-04 21:45:30) 0000000062380000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000060420000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005f430000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005f210000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005efb0000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000062350000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832](2015-03-04 21:45:30) 0000000062340000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000062310000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000622d0000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000062230000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832](2015-03-04 21:45:30) 0000000062150000
Library C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe [5832](2015-03-04 21:45:30) 000000005ef70000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----