GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-06 11:39:09
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-001CA0 rev.15.01H15 465,76GB
Running: 7worcr2q.exe; Driver: C:\Users\Biuro2\AppData\Local\Temp\uglcqpob.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[776] C:\Windows\system32\KERNEL32.DLL!SetUnhandledExceptionFilter 00007ffee9c247d0 4 bytes [C3, 00, 00, 00]

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29d6002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1228] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffed0d86860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29d6002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1868] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffed0d86860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29d6002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2916] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffed0d86860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4076] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29d6002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4076] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29d6002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[832] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffed0d86860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[620] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29d6002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[620] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[620] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffed0d86860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3156] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29d6002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3156] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3156] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3156] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffed0d86860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29d6002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2800] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffed0d86860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29d6002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff29d6006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff2b45002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3068] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffed0d86860] C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\chrome_child.dll

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [476:500] fffff960008d52d0
Thread C:\Windows\Explorer.EXE [1232:1448] 00007ffee06355f0
Thread C:\Windows\Explorer.EXE [1232:1664] 00007ffee00b3e50
Thread C:\Windows\Explorer.EXE [1232:1880] 00007ffedf9d9b10
Thread C:\Windows\Explorer.EXE [1232:1956] 00007ffedf9d9b10
Thread C:\Windows\Explorer.EXE [1232:1644] 00007ffedf9d9b10
Thread C:\Windows\Explorer.EXE [1232:2060] 00007ffee2ef4550
Thread C:\Windows\Explorer.EXE [1232:2176] 00007ffedc1e2710
Thread C:\Windows\Explorer.EXE [1232:760] 00007ffee00702a0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 2064195271

---- EOF - GMER 2.2 ----