GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-10 18:58:13
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b GOODRAM rev.SAFM22.3 223,57GB
Running: seyijc4i.exe; Driver: C:\Users\UKASZ~1\AppData\Local\Temp\pxldquog.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1132] C:\Windows\system32\KERNEL32.DLL!SetUnhandledExceptionFilter  00007ff8ab440d80 4 bytes [C3, 00, 00, 00]
?      C:\Windows\system32\apphelp.dll [2928] entry point in ".rdata" section 000000006ae80ab0
?      C:\Windows\system32\apphelp.dll [7636] entry point in ".rdata" section 000000006ae80ab0

---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize]  [7ff8ead4002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject]  [7ff8ead4006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ff8ead4006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW]  [7ff8ed39002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject]  [7ff8ead4006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject]  [7ff8ead4006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW]  [7ff8ed39002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject]  [7ff8ead4006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject]  [7ff8ead4006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW]  [7ff8ed39002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\COMCTL32.dll[GDI32.dll!GetStockObject]  [7ff8ead4006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\COMCTL32.dll[USER32.dll!RegisterClassW]  [7ff8ed39002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ff8722aaf84] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.101\chrome_child.dll

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\svchost.exe [744:856]  00007ff8a8833ac0
Thread  C:\Windows\system32\svchost.exe [744:860]  00007ff8a8832c10
Thread  C:\Windows\system32\svchost.exe [744:944]  00007ff8a8558cc0
Thread  C:\Windows\System32\svchost.exe [80:2868]  00007ff89f71b480
Thread  C:\Windows\System32\svchost.exe [80:2880]  00007ff89f71e240
Thread  C:\Windows\System32\svchost.exe [80:8172]  00007ff8861d3560
Thread  C:\Windows\System32\svchost.exe [80:5556]  00007ff8861d26d0
Thread  C:\Windows\system32\svchost.exe [360:816]  00007ff89f9d2b70
Thread  C:\Windows\system32\svchost.exe [360:2280]  00007ff89f651a50
Thread  C:\Windows\system32\svchost.exe [360:6508]  00007ff89ea033d0
Thread  C:\Windows\System32\spoolsv.exe [1700:4720]  00007ff89c526160
Thread  C:\Windows\System32\spoolsv.exe [1700:4724]  00007ff89c451010
Thread  C:\Windows\System32\spoolsv.exe [1700:4768]  00007ff887c41180
Thread  C:\Windows\System32\spoolsv.exe [1700:4772]  00007ff886f77330
Thread  C:\Windows\system32\svchost.exe [1708:2968]  00007ff897d51ce0
Thread  C:\Windows\system32\svchost.exe [1708:3276]  00007ff893383ce0
Thread  C:\Windows\system32\svchost.exe [1708:6140]  00007ff893382270
Thread  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1904:2744]  00007ff89ecb38f0
Thread  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1904:2748]  00007ff89ecb6250
Thread  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1904:2780]  00007ff89ecb38f0
Thread  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1904:3068]  00007ff89697502c
Thread  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1904:7860]  00007ff89ecb38f0
Thread  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1904:7260]  00007ff89ecb38f0
Thread  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1904:3288]  00007ff89ecb38f0
Thread  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1904:5348]  00007ff89ecb38f0
Thread  C:\Windows\system32\svchost.exe [2240:5680]  00007ff89c526160
Thread  C:\Windows\system32\svchost.exe [2240:1992]  00007ff89c451010
Thread  C:\Windows\system32\csrss.exe [472:8208]  fffff96176167300
Thread  C:\Windows\system32\sihost.exe [664:6240]  00007ff895fc2da0
Thread  C:\Windows\system32\sihost.exe [664:3104]  00007ff895fc2da0
Thread  C:\Windows\Explorer.EXE [3540:4448]  00007ff87e789f30
Thread  C:\Windows\Explorer.EXE [3540:940]  00007ff896e23930
Thread  [908:7888]  00007ff871baebc4
Thread  [908:8968]  00007ff8ad519110
Thread  [908:8732]  00007ff871baebc4
Thread  [908:7628]  00007ff871baebc4
Thread  [908:7880]  00007ff871baebc4
Thread  [908:4660]  00007ff871baebc4
Thread  [908:3832]  00007ff871baebc4
Thread  [908:3016]  00007ff871baebc4
Thread  [908:4500]  00007ff8ad519110
Thread  [908:8184]  00007ff871baebc4
Thread  [908:200]  00007ff8ad519110
Thread  [908:4132]  00007ff8ad519110
Thread  [908:7136]  00007ff8ad519110
Thread  [1912:7948]  00007ff871baebc4
Thread  [1912:6920]  00007ff8ad519110
Thread  [1912:2012]  00007ff871baebc4
Thread  [1912:1116]  00007ff871baebc4
Thread  [1912:1040]  00007ff871baebc4
Thread  [1912:8636]  00007ff871baebc4
Thread  [1912:8792]  00007ff871baebc4
Thread  [1912:3536]  00007ff871baebc4
Thread  [1912:8744]  00007ff871baebc4
Thread  [1912:9048]  00007ff871baebc4
Thread  [1912:1876]  00007ff8ad519110
Thread  [1912:828]  00007ff8ad519110
Thread  [1912:7908]  00007ff8ad519110
Thread  [1912:4444]  00007ff8ad519110
Thread  [1912:1044]  00007ff8ad519110
Thread  [1912:1096]  00007ff871baebc4
Thread  [1912:936]  00007ff87224cc9c
Thread  [1912:8428]  00007ff87224cc9c
Thread  [8812:3680]  00007ff871baebc4
Thread  [8812:1612]  00007ff8ad519110
Thread  [8812:8316]  00007ff871baebc4
Thread  [8812:4900]  00007ff871baebc4
Thread  [8812:4396]  00007ff871baebc4
Thread  [8812:1312]  00007ff871baebc4
Thread  [8812:6408]  00007ff871baebc4
Thread  [8812:4472]  00007ff871baebc4
Thread  [8812:8816]  00007ff871baebc4
Thread  [8812:5024]  00007ff871baebc4
Thread  [8812:8496]  00007ff8ad519110
Thread  [8812:572]  00007ff8ad519110

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC  <binary value; non-printable bytes were rendered as "?" in the dump; readable fragments: XboxComposite, @dc1-controller.inf,%ClassName%;Xbox Peripherals, %SystemRoot%\System32\setupapi.dll,-24>
Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMN15CB0_02_07DE_39^CD666A495754676FE0B9F18B19C221A1@Timestamp  0x90 0x8B 0xC5 0x4A ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed  1632359436
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d07e353e9c65
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  1965
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  671
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8446d4ce-0906-4da6-bdff-2e8c0e78fd5f}@LeaseObtainedTime  1473519507
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8446d4ce-0906-4da6-bdff-2e8c0e78fd5f}@T1  1473523107
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8446d4ce-0906-4da6-bdff-2e8c0e78fd5f}@T2  1473525807
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8446d4ce-0906-4da6-bdff-2e8c0e78fd5f}@LeaseTerminatesTime  1473526707
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count  95

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----
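A scan like this is easier to triage by machine than by eye. The Python below is an added example written by the editor; it is not part of GMER or of the original post. It parses the sections GMER emits in the layout visible above (user code patches, IAT hooks, threads, disk sectors; the registry dump is left alone) and applies simple triage rules that are the editor's own heuristics, not GMER verdicts: a function body replaced with RET (C3) inside a security product's own process is flagged for confirmation rather than as malicious, an IAT redirect into the hooked program's own install directory (the chrome_child.dll case) is marked expected, a hook address with no owning module or a thread in a process GMER did not name is marked for follow-up, and "unknown MBR code" is marked suspicious pending a sector dump. The sample lines are copied from the scan above, a few per section.

```python
"""Parse a GMER 2.2 log and triage the entries worth a second look.

Added example, not part of GMER or of the original post.  The regexes follow the
line layout visible in the scan above; the triage rules are the editor's own heuristics.
"""
import re
from collections import defaultdict

# Constructed sample: representative lines copied from the scan above, one or two per section.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.2 ----
.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1132] C:\Windows\system32\KERNEL32.DLL!SetUnhandledExceptionFilter  00007ff8ab440d80 4 bytes [C3, 00, 00, 00]
---- User IAT/EAT - GMER 2.2 ----
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject]  [7ff8ead4006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6892] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ff8722aaf84] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.101\chrome_child.dll
---- Threads - GMER 2.2 ----
Thread  C:\Windows\system32\svchost.exe [744:856]  00007ff8a8833ac0
Thread  [908:7888]  00007ff871baebc4
---- Disk sectors - GMER 2.2 ----
Disk  \Device\Harddisk0\DR0  unknown MBR code
---- EOF - GMER 2.2 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# ".text <image>[pid] <module!function> <addr> <n> bytes [<hex bytes>]"
TEXT_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<target>\S+)\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+) bytes \[(?P<bytes>[^\]]*)\]"
)
# "IAT <image>[pid] @ <module>[<dll!import>] [<addr>] <owner module, only when GMER resolved it>"
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\[(?P<import>[^\]]+)\]\s+"
    r"\[(?P<addr>[0-9a-fA-F]+)\](?:\s+(?P<owner>\S.*))?$"
)
# "Thread <image, or nothing when GMER could not name the process> [pid:tid] <start addr>"
THREAD_RE = re.compile(r"^Thread\s+(?P<image>.*?)\s*\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-fA-F]+)$")
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<status>.+)$")
LINE_TYPES = (("text", TEXT_RE), ("iat", IAT_RE), ("thread", THREAD_RE), ("disk", DISK_RE))


def parse_gmer(text):
    """Map each GMER section name to the records parsed from it (registry lines are skipped)."""
    sections = defaultdict(list)
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("name")
            continue
        for kind, rx in LINE_TYPES:
            m = rx.match(line)
            if m:
                sections[current].append({"kind": kind, **m.groupdict()})
                break
    return sections


def same_install_dir(image, owner):
    """True when the hook owner lives under the hooked process's own directory (browser sandbox style)."""
    base = image.lower().rsplit("\\", 1)[0] + "\\"
    return bool(owner) and owner.lower().startswith(base)


def triage(sections):
    """Return (severity, message) pairs; severity is 'expected', 'review' or 'suspicious'."""
    out = []
    for r in sections.get("User code sections", []):
        first = r["bytes"].split(",")[0].strip().upper()
        if first == "C3":  # body replaced by RET: common self-protection patch, still confirm the product did it
            out.append(("review", f"{r['target']} in {r['image']} stubbed with RET (C3); confirm it is the product's own patch"))
        else:
            out.append(("suspicious", f"{r['target']} in {r['image']} patched with {r['bytes']}"))
    for r in sections.get("User IAT/EAT", []):
        if same_install_dir(r["image"], r["owner"]):
            out.append(("expected", f"{r['import']} in {r['image']} redirected into its own module {r['owner']}"))
        elif r["owner"]:
            out.append(("suspicious", f"{r['import']} in {r['image']} redirected into foreign module {r['owner']}"))
        else:
            out.append(("review", f"{r['import']} in {r['image']} points to {r['addr']} with no owning module; resolve the address"))
    for r in sections.get("Threads", []):
        if not r["image"]:  # GMER did not name the process: map the PID to an image before the next reboot
            out.append(("review", f"thread {r['pid']}:{r['tid']} at {r['addr']} in a process GMER did not name"))
    for r in sections.get("Disk sectors", []):
        if "unknown MBR" in r["status"]:
            out.append(("suspicious", f"{r['device']}: {r['status']}; dump sector 0 and diff it against known boot code"))
    return out


def summary(text):
    """Parse and triage in one call; returns (counts per severity, findings)."""
    findings = triage(parse_gmer(text))
    counts = defaultdict(int)
    for sev, _ in findings:
        counts[sev] += 1
    return dict(counts), findings


if __name__ == "__main__":
    counts, findings = summary(SAMPLE_LOG)
    print(counts)
    for sev, msg in findings:
        print(f"[{sev:10}] {msg}")
```

Two caveats on the heuristics. "unknown MBR code" is GMER's comparison of sector 0 against boot code it recognises; a third-party boot manager or an OEM recovery loader produces the same message, so the finding is an instruction to dump and compare the sector, not a bootkit verdict. Likewise the RET patch in ekrn.exe is marked "review" and not "expected" on purpose: the rule only checks the byte pattern, and whether a security product really installed it is something to confirm with the vendor's documentation or by reinstalling the product, not something this script can prove.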