GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-31 12:00:33
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 ST1000DM003-1ER162 rev.CC43 931,51GB
Running: yxjwxc48.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\ufldypob.sys

---- User code sections - GMER 2.2 ----

? C:\Windows\system32\apphelp.dll [4992] entry point in ".rdata" section 0000000073b9f7c0
? C:\Windows\SYSTEM32\iertutil.dll [4992] entry point in ".rdata" section 0000000072cd1350
? C:\Windows\system32\wbem\wbemsvc.dll [4992] entry point in ".rdata" section 000000006be78fc0
? C:\Windows\SYSTEM32\NTASN1.dll [4992] entry point in ".rdata" section 000000006abfa020
? C:\Windows\system32\ncryptsslp.dll [4992] entry point in ".rdata" section 000000006abd04f0
? C:\Windows\SYSTEM32\PhotoMetadataHandler.dll [4992] entry point in ".rdata" section 00000000695c5d20
? C:\Windows\System32\OneCoreCommonProxyStub.dll [4992] entry point in ".rdata" section 000000006957da90
? C:\Windows\System32\ieproxy.dll [4992] entry point in ".rdata" section 0000000065529520
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6044] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00007fff218c9e70 5 bytes JMP 00007fff1adab970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6044] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007fff21965350 16 bytes {MOV RAX, 0x7fff05bd8d50; JMP RAX}
? C:\Windows\system32\apphelp.dll [6920] entry point in ".rdata" section 0000000073b9f7c0

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff2180002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffef4f33294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff2180002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1904] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffef4f33294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff2180002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffef4f33294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\AppPatch\AppPatch64\AcGenral.dll[USER32.dll!GetMonitorInfoW] [7fff1f06012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff2180002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\SHELL32.dll[USER32.dll!GetMonitorInfoW] [7fff1f06012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\SHELL32.dll[USER32.dll!EnumDisplayMonitors] [7fff1f06006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\IMM32.DLL[USER32.dll!GetMonitorInfoW] [7fff1f06012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!GetMonitorInfoW] [7fff1f06012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!EnumDisplayMonitors] [7fff1f06006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff2180006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff1f06002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3\COMCTL32.dll[USER32.dll!GetMonitorInfoW] [7fff1f06012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3\COMCTL32.dll[USER32.dll!EnumDisplayMonitors] [7fff1f06006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffef4f33294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_72fe05dd211a5fae\gdiplus.dll[GDI32.dll!GetStockObject] [7fff2180006c]

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [612:720] fffff4e4bb136c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1259961797
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x23 0xD4 0xAC 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x23 0x3C 0x71 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x23 0x6C 0xE8 0xB0 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome 0x62 0x29 0x03 0x30 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe 0x0B 0x27 0xE1 0x91 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2F0504E3-1308-4BEC-A482-57049543FE85}
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2F0504E3-1308-4BEC-A482-57049543FE85}@LastAccessedTime 0x20 0x0B 0xE8 0x6E ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2F0504E3-1308-4BEC-A482-57049543FE85}@AppId {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\SystemPropertiesComputerName.exe
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2F0504E3-1308-4BEC-A482-57049543FE85}@LaunchCount 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2F0504E3-1308-4BEC-A482-57049543FE85}@Latitude 0x3B 0xDF 0x4F 0x8D ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2F0504E3-1308-4BEC-A482-57049543FE85}@Longitude 0x4F 0xAF 0x94 0x65 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2F0504E3-1308-4BEC-A482-57049543FE85}@AccuracyInMeters 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{873A8A05-03AF-47E6-A6B5-29F0DD847F33}@LastAccessedTime 0xC0 0x44 0xAF 0xEB ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{873A8A05-03AF-47E6-A6B5-29F0DD847F33}@LaunchCount 44
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}@LastAccessedTime 0x70 0xAA 0xE0 0x91 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}@LaunchCount 20
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{7067531F-FB38-45EB-85EC-1262E9F761CB}
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{7067531F-FB38-45EB-85EC-1262E9F761CB}@Type 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{7067531F-FB38-45EB-85EC-1262E9F761CB}@Path C:\Users\Tomek\Desktop\GMER-Laptop.txt
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{7067531F-FB38-45EB-85EC-1262E9F761CB}@DisplayName GMER-Laptop
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{7067531F-FB38-45EB-85EC-1262E9F761CB}@LastAccessedTime 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{7067531F-FB38-45EB-85EC-1262E9F761CB}@Points 0x00 0x00 0x00 0x00
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{D5274231-6108-461A-8DAF-83967E5823E1}
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{D5274231-6108-461A-8DAF-83967E5823E1}@Type 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{D5274231-6108-461A-8DAF-83967E5823E1}@Path E:\tomcio\Tomek\Tomek Dokumenty\Zdj?cia\?eba\allegro!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!11.txt
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{D5274231-6108-461A-8DAF-83967E5823E1}@DisplayName allegro!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!11
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{D5274231-6108-461A-8DAF-83967E5823E1}@LastAccessedTime 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{ECA3C523-3B1A-458F-A020-B2CFA091460C}\RecentItems\{D5274231-6108-461A-8DAF-83967E5823E1}@Points 0x00 0x00 0x00 0x00

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----