GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-24 22:30:13
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST500LT012-1DG142 rev.1003YAM1 465,76GB
Running: i1ji1b4j.exe; Driver: C:\Users\Hubert\AppData\Local\Temp\pwrirpow.sys

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffbf346002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffb92cb8ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffbf346002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffb92cb8ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\KERNEL32.DLL[ntdll.dll!NtSetValueKey] [7ffbaf2cd930]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [7ffbaf2b94c0]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [7ffbaf2bcd10]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [7ffbaf2b94c0]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [7ffbaf2bcd10]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtSetValueKey] [7ffbaf2cd930]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtSetValueKey] [7ffbaf2cd930]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtCreateFile] [7ffbaf2bcd10]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtSetValueKey] [7ffbaf2cd930]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [7ffbaf2b94c0]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtCreateFile] [7ffbaf2bcd10]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\SYSTEM32\shcore.dll[ntdll.dll!NtCreateFile] [7ffbaf2bcd10]

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [576:600] fffff960009692d0

---- Processes - GMER 2.2 ----

Library C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe (*** suspicious ***) @ C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe [4160] (AntiMalware Definition Update/Microsoft Corporation SIGNED)(2016-09-24 16:39:11) 00007ff704960000

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStopTime 0x23 0x29 0xD7 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\PnP@DisableLKG 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1936532163
Reg HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller@Events CreateSession
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\3010b35f73b8
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?So?, ?wrz ?24 ?16, 06:24:04??????K???????K???????????????K????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 13277
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 8169
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\Windows\System32\LogFiles\Scm\75c41ad5-9785-4ef0-b606-e4d419a18da0 28 bytes
File C:\Windows\System32\LogFiles\Scm\1aff1282-038a-44a7-b4ab-0fce3e5b8474 28 bytes

---- EOF - GMER 2.2 ----
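The "User IAT/EAT" section above is the part of a GMER log that takes longest to read by hand, because every hooked import is printed as its own line even when dozens of them share one target address and one hook owner. The script below is an added triage helper, not part of GMER and not something the poster ran. It parses lines of the shape GMER uses here (process[pid] @ module[exporter!function] [address], optionally followed by the module GMER resolved the target address into), groups the entries per process and per target address, and reports which hook sets are identical across processes of the same program and which target addresses GMER attributed to a module (in this log only the NtAlpcConnectPort hooks, attributed to chrome_child.dll). The sample input is a constructed excerpt copied from the log on this page; the line format is assumed from those lines, and whether any given hook is benign is a judgement the script leaves to the analyst.

```python
"""Triage helper for the 'User IAT/EAT' section of a GMER log (added example)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the IAT lines from the log on this page.
SAMPLE_LOG = r"""
---- User IAT/EAT - GMER 2.2 ----
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2516] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffb92cb8ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffbf346006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffbf32e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2832] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffb92cb8ce4] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\chrome_child.dll
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [7ffbaf2bcd10]
IAT C:\Windows\system32\SearchFilterHost.exe[3636] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [7ffbaf2bcd10]
---- Threads - GMER 2.2 ----
"""

# Line shape assumed from the log above: the trailing owner module is optional.
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+"
    r"(?P<module>.+?)\[(?P<exporter>[^!\]]+)!(?P<function>[^\]]+)\]\s+"
    r"\[(?P<address>[0-9A-Fa-f]+)\](?:\s+(?P<owner>\S.*?))?\s*$"
)


def parse_iat(text):
    """Return one dict per IAT line; non-IAT lines (section headers etc.) are skipped."""
    hooks = []
    for line in text.splitlines():
        m = IAT_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            h["address"] = int(h["address"], 16)
            hooks.append(h)
    return hooks


def by_process(hooks):
    """(image, pid) -> set of (module, exporter!function, address, owner)."""
    groups = defaultdict(set)
    for h in hooks:
        groups[(h["image"], h["pid"])].add(
            (h["module"].lower(), f'{h["exporter"]}!{h["function"]}', h["address"], h["owner"]))
    return groups


def shared_hook_sets(groups):
    """PIDs of the same image whose hook sets are identical. A set repeated in every
    instance of a program points at that program (or at something injected into all
    of its instances) rather than at one compromised process."""
    sets = defaultdict(list)
    for (image, pid), hooks in groups.items():
        sets[(image.lower(), frozenset(hooks))].append(pid)
    return [sorted(pids) for pids in sets.values() if len(pids) > 1]


def attributed_targets(hooks):
    """Target address -> owner modules, for entries where GMER printed an owner."""
    out = defaultdict(set)
    for h in hooks:
        if h["owner"]:
            out[h["address"]].add(h["owner"])
    return dict(out)


def unattributed_targets(hooks):
    """Target address -> imports redirected there, for entries with no owner printed."""
    out = defaultdict(set)
    for h in hooks:
        if not h["owner"]:
            out[h["address"]].add(f'{h["exporter"]}!{h["function"]}')
    return dict(out)


def report(text):
    """Human-readable summary of the IAT section in `text`."""
    hooks = parse_iat(text)
    groups = by_process(hooks)
    lines = [f"{len(hooks)} IAT entries in {len(groups)} processes"]
    for pids in shared_hook_sets(groups):
        lines.append(f"identical hook set shared by PIDs {pids}")
    for addr, owners in sorted(attributed_targets(hooks).items()):
        lines.append(f"target {addr:016x} resolved by GMER to {', '.join(sorted(owners))}")
    for addr, imports in sorted(unattributed_targets(hooks).items()):
        lines.append(f"target {addr:016x} <- {', '.join(sorted(imports))} (no owner module printed)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log, the helper collapses the 28 Chrome lines into one shared hook set for PIDs 2516 and 2832 with a single attributed target (chrome_child.dll) and three unattributed ones, and the 12 SearchFilterHost lines into three target addresses; that is the shape an analyst then judges, rather than 40 individual lines.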