GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-03 22:12:16
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000042 HGST_HTS545050A7E680 rev.GG2OAF10 465,76GB
Running: ib3nw50b.exe; Driver: C:\Users\Lapp\AppData\Local\Temp\fxldapow.sys


---- Kernel code sections - GMER 2.2 ----

.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable  fffff960000b3800 15 bytes [C0, BB, ED, 01, 40, 02, 6A, ...]
.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16  fffff960000b3810 11 bytes [00, 7E, FC, FF, 00, A7, B2, ...]

---- User code sections - GMER 2.2 ----

.text  C:\WINDOWS\System32\dwm.exe[8124] C:\WINDOWS\system32\USER32.dll!CreateWindowExW  00007ff8b0646d80 10 bytes JMP 00007ff8adc90490
.text  C:\WINDOWS\System32\dwm.exe[8124] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW  00007ff8b06555c0 5 bytes JMP 00007ff8adc90458
.text  C:\WINDOWS\System32\dwm.exe[8124] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo  00007ff8b0655680 9 bytes JMP 00007ff8adc903e8
.text  C:\WINDOWS\System32\dwm.exe[8124] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA  00007ff8b065b080 5 bytes JMP 00007ff8adc90420
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation  00007ff8aecc3e10 7 bytes JMP 00007ff8adc103b0
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW  00007ff8aecc3e20 7 bytes JMP 00007ff8adc103e8
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW  00007ff8aed739b0 7 bytes JMP 00007ff8adc10490
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW  00007ff8aed73ef0 7 bytes JMP 00007ff8adc10420
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA  00007ff8aed73fe0 7 bytes JMP 00007ff8adc10458
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx  00007ff8aeda06c0 7 bytes JMP 00007ff8adc10308
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW  00007ff8aeda0730 7 bytes JMP 00007ff8adc10378
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW  00007ff8aeda0760 7 bytes JMP 00007ff8adc10340
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary  00007ff8adca21d0 5 bytes JMP 00007ff8adc10180
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW  00007ff8adca29d0 7 bytes JMP 00007ff8adc100d8
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW  00007ff8adca4310 5 bytes JMP 00007ff8adc10110
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW  00007ff8adca8c40 5 bytes JMP 00007ff8adc10148
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\USER32.dll!CreateWindowExW  00007ff8b0646d80 10 bytes JMP 00007ff8adc10570
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW  00007ff8b06555c0 5 bytes JMP 00007ff8adc10538
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo  00007ff8b0655680 9 bytes JMP 00007ff8adc104c8
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA  00007ff8b065b080 5 bytes JMP 00007ff8adc10500
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance  00007ff8ae11d050 7 bytes JMP 00007ff8adc10228
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket  00007ff8ae14b160 5 bytes JMP 00007ff8adc10260
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList  00007ff8b0821500 8 bytes JMP 00007ff8adc101b8
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo  00007ff8b0821750 8 bytes JMP 00007ff8adc101f0
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\dxgi.dll!CreateDXGIFactory  00007ff8ab657750 5 bytes JMP 00007ff8ab5900d8
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\dxgi.dll!CreateDXGIFactory1  00007ff8ab658ee0 5 bytes JMP 00007ff8ab590110
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\Windows\System32\d3d9.dll!Direct3DCreate9Ex  00007ff88a34ead0 5 bytes JMP 00007ff8adc102d0
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\Windows\System32\d3d9.dll!Direct3DCreate9  00007ff88a37eb90 6 bytes JMP 00007ff8adc10298

---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6720] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7056] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7056] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ff87d1f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6476] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6476] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ff87d1f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8560] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8864] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8864] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ff87d1f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9116] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9116] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ff87d1f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW]  [7ff8b07c002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize]  [7ff8b0a2002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW]  [7ff8b07c002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW]  [7ff8b07c002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW]  [7ff8b07c002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ff87d1f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject]  [7ff8b0a2006c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7384] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW]  [7ff8b07c002c]
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8196] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ff87d1f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8196] @ C:\Users\Lapp\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW]  [7ff8aee0002c]

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [7852:7340]  fffff9600098d2d0
Thread  C:\WINDOWS\system32\csrss.exe [7852:3492]  fffff9600098d2d0
Thread  C:\WINDOWS\system32\csrss.exe [7852:6516]  fffff9600098d2d0
Thread  C:\WINDOWS\system32\csrss.exe [7852:8444]  fffff9600098d2d0

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  1400031567
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\543530059b62
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\543530059b62@00126f9e313e  0x3C 0x0C 0x33 0x32 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask  0x64 0x62 0x03 0x00 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}\iexplore@Count  128
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@0  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Advanced SystemCare 9.lnk?C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe?/manual?
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@1  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Advanced SystemCare 9.lnk?C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe?/manual?

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----
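Added example, not part of the log above and not GMER's own code: a small Python triage script for GMER 2.2 text logs. It parses the three entry types that carry the most signal in a log like this one (the ".text" inline-hook lines, the "IAT" lines and the "Disk" line) and groups the user-mode inline hooks by the 4 KiB page their JMP lands in. One hooking module writes its trampolines into one or two pages, so when dozens of APIs in several processes all jump into the same page, that is one hook installer rather than many. Kernel code-section patches and an "unknown MBR code" verdict are listed separately. The SAMPLE_LOG string is a constructed subset of lines copied from this log; the page-grouping threshold and the report layout are the example's own choices. The grouping is a triage aid, not a verdict: legitimate security, overlay and system-tuning products hook exactly these APIs, and this log does not say which module owns the trampoline pages, so the script only groups them and leaves identification to the analyst.

```python
"""Triage parser for GMER 2.2 text logs (added example; not GMER's code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of lines copied from the log above.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 2.2 ----
.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable  fffff960000b3800 15 bytes [C0, BB, ED, 01, 40, 02, 6A, ...]
.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16  fffff960000b3810 11 bytes [00, 7E, FC, FF, 00, A7, B2, ...]
---- User code sections - GMER 2.2 ----
.text  C:\WINDOWS\System32\dwm.exe[8124] C:\WINDOWS\system32\USER32.dll!CreateWindowExW  00007ff8b0646d80 10 bytes JMP 00007ff8adc90490
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation  00007ff8aecc3e10 7 bytes JMP 00007ff8adc103b0
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW  00007ff8adca8c40 5 bytes JMP 00007ff8adc10148
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5172] C:\WINDOWS\SYSTEM32\dxgi.dll!CreateDXGIFactory  00007ff8ab657750 5 bytes JMP 00007ff8ab5900d8
---- User IAT/EAT - GMER 2.2 ----
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7056] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort]  [7ff87d1f2348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8196] @ C:\Users\Lapp\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW]  [7ff8aee0002c]
---- Disk sectors - GMER 2.2 ----
Disk  \Device\Harddisk0\DR0  unknown MBR code
"""

# ".text <process[pid]> <module!func> <addr> <n> bytes <JMP target | [bytes]>"
HOOK_RE = re.compile(r"^\.text\s+(?P<where>.+?)\s+(?P<addr>[0-9a-fA-F]{16})\s+"
                     r"(?P<size>\d+)\s+bytes\s+(?P<patch>.+)$")
PROC_RE = re.compile(r"^(?P<proc>.+?\[\d+\])\s+(?P<sym>.+)$")  # user-mode lines only
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9a-fA-F]+)$")
# "IAT <process[pid]> @ <module>[<import>] [<addr>] <owning module, if resolved>"
IAT_RE = re.compile(r"^IAT\s+(?P<proc>.+?\[\d+\])\s+@\s+(?P<module>.+?)\[(?P<imp>[^\]]+)\]"
                    r"\s+\[(?P<addr>[0-9a-fA-F]+)\](?:\s+(?P<owner>\S.*))?$")
DISK_RE = re.compile(r"^Disk\s+(?P<dev>\S+)\s+(?P<state>.+)$")
PAGE_MASK = ~0xFFF  # 4 KiB pages (assumption: x64 Windows user-mode mappings)


@dataclass
class InlineHook:
    process: Optional[str]       # None for kernel code-section patches
    symbol: str                  # "module!function", kernel entries may carry "+ offset"
    address: int
    size: int
    jmp_target: Optional[int]    # None when GMER printed raw bytes instead of a JMP
    raw_patch: str


@dataclass
class IatEntry:
    process: str
    module: str                  # module whose import table was changed
    imported: str                # "dll!function" that the slot should resolve to
    address: int                 # where the slot actually points
    owner: Optional[str]         # module GMER resolved that address into, if any


def short(path: str) -> str:
    """Basename of a Windows path, keeping the '[pid]' suffix."""
    return path.rsplit("\\", 1)[-1]


def parse_gmer(text: str) -> dict:
    """Extract inline hooks, IAT redirections and disk verdicts from a GMER log."""
    hooks, iat, disk = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if (m := HOOK_RE.match(line)):
            pm = PROC_RE.match(m.group("where"))
            process, symbol = (pm.group("proc"), pm.group("sym")) if pm else (None, m.group("where"))
            jm = JMP_RE.match(m.group("patch"))
            hooks.append(InlineHook(process, symbol, int(m.group("addr"), 16), int(m.group("size")),
                                    int(jm.group("target"), 16) if jm else None, m.group("patch")))
        elif (m := IAT_RE.match(line)):
            iat.append(IatEntry(m.group("proc"), m.group("module"), m.group("imp"),
                                int(m.group("addr"), 16), m.group("owner")))
        elif (m := DISK_RE.match(line)):
            disk.append((m.group("dev"), m.group("state")))
    return {"hooks": hooks, "iat": iat, "disk": disk}


def triage(parsed: dict) -> dict:
    """Group user-mode hooks by trampoline page; list kernel patches, IAT redirections, MBR."""
    pages = defaultdict(set)          # trampoline page -> processes whose hooks land there
    per_process = defaultdict(int)    # process[pid] -> number of inline hooks
    kernel = []
    for h in parsed["hooks"]:
        if h.process is None:
            kernel.append((h.symbol, f"{h.address:016x}", h.size))
            continue
        per_process[short(h.process)] += 1
        if h.jmp_target is not None:
            pages[h.jmp_target & PAGE_MASK].add(short(h.process))
    return {
        "kernel_patches": kernel,
        "hooks_per_process": dict(per_process),
        "trampoline_pages": {f"{p:016x}": sorted(v) for p, v in pages.items()},
        # IAT slots GMER could resolve into another module: worth knowing which one
        "iat_redirected_to_other_module": [(short(e.process), e.imported, short(e.owner))
                                           for e in parsed["iat"] if e.owner],
        "unknown_mbr": [dev for dev, state in parsed["disk"] if "unknown MBR" in state],
    }


if __name__ == "__main__":
    for key, value in triage(parse_gmer(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the constructed sample the chrome.exe hooks into KERNEL32 and KERNELBASE land in one page (00007ff8adc10000) while the dxgi.dll hook lands in another (00007ff8ab590000), and the dwm.exe hook in a third; running the script on the full log would show the same two chrome pages carrying all 24 chrome.exe hooks, which is the kind of clustering that points at one hooking component to look up by module rather than 24 separate findings.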