GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-30 23:23:22
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 WDC_WD5000BPVT-22HXZT1 rev.01.01A01 465,76GB
Running: jnz6zery.exe; Driver: C:\Users\Renia\AppData\Local\Temp\kxldrpob.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [6712:2940] fffff960009732d0

---- Processes - GMER 2.1 ----

Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1132] (WindowsProtectManger Service/Fuyu LIMITED)(2014-12-17 22:11:44) 0000000001290000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 867188146
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 4887
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B608CC98-54DE-4775-96C9-097DE398500C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B608CC98-54DE-4775-96C9-097DE398500C}@Flags 1024
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BBAE01D2-61FD-4F12-BEFC-202B09DC09C0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BBAE01D2-61FD-4F12-BEFC-202B09DC09C0}@Flags 64
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Count 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\iexplore@Count 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B608CC98-54DE-4775-96C9-097DE398500C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B608CC98-54DE-4775-96C9-097DE398500C}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B608CC98-54DE-4775-96C9-097DE398500C}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B608CC98-54DE-4775-96C9-097DE398500C}\iexplore@Flags 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B608CC98-54DE-4775-96C9-097DE398500C}\iexplore@Count 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B608CC98-54DE-4775-96C9-097DE398500C}\iexplore@Time 0xDF 0x07 0x04 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B608CC98-54DE-4775-96C9-097DE398500C}\iexplore@LoadTimeArray 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBAE01D2-61FD-4F12-BEFC-202B09DC09C0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBAE01D2-61FD-4F12-BEFC-202B09DC09C0}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBAE01D2-61FD-4F12-BEFC-202B09DC09C0}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBAE01D2-61FD-4F12-BEFC-202B09DC09C0}\iexplore@Flags 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 9
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore@Count 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015043020150501
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015043020150501@CachePrefix :2015043020150501:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015043020150501@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012015043020150501
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015043020150501@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015043020150501@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015043020150501@CacheLimit 1

---- EOF - GMER 2.1 ----