GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-23 20:29:55
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 GOODRAM rev.SAFM22.3 223,57GB
Running: pbk878e7.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pwlyypow.sys


---- User code sections - GMER 2.2 ----

? C:\WINDOWS\system32\wbem\wbemsvc.dll [1596] entry point in ".rdata" section 0000000072318fc0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [1792] entry point in ".rdata" section 000000007029a020
? C:\WINDOWS\system32\ncryptsslp.dll [1792] entry point in ".rdata" section 00000000702704f0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [2368] entry point in ".rdata" section 0000000072318fc0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [4648] entry point in ".rdata" section 000000007029a020
? C:\WINDOWS\system32\ncryptsslp.dll [4648] entry point in ".rdata" section 00000000702704f0
? C:\WINDOWS\SYSTEM32\iertutil.dll [6684] entry point in ".rdata" section 000000006fe91590
? C:\WINDOWS\SYSTEM32\NTASN1.dll [6684] entry point in ".rdata" section 000000007029a020
? C:\WINDOWS\system32\ncryptsslp.dll [6684] entry point in ".rdata" section 00000000702704f0
? C:\WINDOWS\system32\apphelp.dll [8348] entry point in ".rdata" section 000000006e51f7c0

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcb34e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffc88fe1ca8] C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcb34e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2872] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffc88fe1ca8] C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcb34e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffcb34e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffcb317002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[376] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffc88fe1ca8] C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\chrome_child.dll

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [664:792] ffffe2ae64f36c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x94 0x21 0xCE 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x4B 0xC0 0xC4 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x94 0x21 0xCE 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x4B 0xC0 0xC4 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 36
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SAM087B0_19_07DB_0D^B0A80E7F7959CF71B7F12205F1766931@Timestamp 0x27 0x3A 0x70 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 752
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3835928
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1532563010
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 36
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 492363160
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 11202
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 11203
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 4e97a1b6-9a33-43e6-b0b3-ef4b127
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 3
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{e7a831b3-12d7-4321-b068-6afc231e42bf}@LastProbeTime 1482490689
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{CF061415-7BB2-4545-AFA2-6D0DEA95D086}@DefunctTimestamp 0x89 0x1E 0x5D 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 5361
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 864
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 35
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2817973b-e4fd-4d45-8d00-3004d0f01f5b}@LeaseObtainedTime 1482497682
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2817973b-e4fd-4d45-8d00-3004d0f01f5b}@T1 1482540882
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2817973b-e4fd-4d45-8d00-3004d0f01f5b}@T2 1482573282
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2817973b-e4fd-4d45-8d00-3004d0f01f5b}@LeaseTerminatesTime 1482584082
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x4B 0xA6 0x10 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x4B 0x0E 0xD5 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x4B 0x3E 0x4C 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 13788 13794 13804 13814 13834 13878 13888 13926 13932 13948
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 13954
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 13955
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 13788
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 13789
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds Chrome?
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome 0xEF 0x51 0x89 0x82 ...

---- EOF - GMER 2.2 ----