GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-18 12:24:09
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c GOODRAM_CX100 rev.SAFM11.0 111,79GB
Running: zcbzejjl.exe; Driver: C:\Users\user\AppData\Local\Temp\kfdcaaob.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [560:592] fffff961d0317300
Thread C:\WINDOWS\Explorer.EXE [3988:5836] 00007ffbf13501b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1036:4760] 000000000033504e
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1036:5828] 00000000747a4300
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1392:6408] 00000000002eebce
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1392:4960] 00000000697da820
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1392:5764] 0000000066283f60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1392:2420] 00000000747a4300
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1392:6132] 000000006ab185c0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1392:6128] 0000000066283f60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1392:6124] 00000000662ee1f0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1392:3320] 0000000066283f60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:1920] 0000000000f2088f
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:3456] 0000000070ed2e40
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:1772] 0000000070ed2e40
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:488] 0000000070ed2e40
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:7164] 0000000073f91fa0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:6488] 0000000071d6fb80
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:2144] 0000000071d2bbc0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:2072] 0000000071d3e950
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:5520] 000000006fe77140
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:6004] 000000006fe77140
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:5504] 000000006fe77140
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:5536] 000000006fe74df0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:8660] 0000000071d6fb80
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:9128] 0000000071d6fb80
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:4820] 0000000071d1c490
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:8136] 0000000071d1cda0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4840:7108] 0000000074027c10

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1916636316
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0cd292a92157
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\26@Timestamp 0xA9 0xDF 0x81 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 8043
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26637364-6a88-4be2-8c8f-d39c2fede14e}@LeaseObtainedTime 1471512372
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26637364-6a88-4be2-8c8f-d39c2fede14e}@T1 1471641972
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26637364-6a88-4be2-8c8f-d39c2fede14e}@T2 1471739172
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26637364-6a88-4be2-8c8f-d39c2fede14e}@LeaseTerminatesTime 1471771572
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071120160718
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071120160718@CachePrefix :2016071120160718:
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071120160718@CachePath C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016071120160718
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071120160718@CacheRelativePath Microsoft\Windows\History\History.IE5\MSHist012016071120160718
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071120160718@CacheOptions 11
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071120160718@CacheRepair 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071120160718@CacheLimit 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071820160725
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071820160725@CachePrefix :2016071820160725:
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071820160725@CachePath C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016071820160725
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071820160725@CacheRelativePath Microsoft\Windows\History\History.IE5\MSHist012016071820160725
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071820160725@CacheOptions 11
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071820160725@CacheRepair 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016071820160725@CacheLimit 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080120160802
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080120160802@CachePrefix :2016080120160802:
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080120160802@CachePath C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016080120160802
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080120160802@CacheRelativePath Microsoft\Windows\History\History.IE5\MSHist012016080120160802
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080120160802@CacheOptions 11
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080120160802@CacheRepair 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080120160802@CacheLimit 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080220160803
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080220160803@CachePrefix :2016080220160803:
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080220160803@CachePath C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016080220160803
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080220160803@CacheRelativePath Microsoft\Windows\History\History.IE5\MSHist012016080220160803
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080220160803@CacheOptions 11
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080220160803@CacheRepair 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080220160803@CacheLimit 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080320160804
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080320160804@CachePrefix :2016080320160804:
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080320160804@CachePath C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016080320160804
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080320160804@CacheRelativePath Microsoft\Windows\History\History.IE5\MSHist012016080320160804
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080320160804@CacheOptions 11
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080320160804@CacheRepair 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080320160804@CacheLimit 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080420160805
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080420160805@CachePrefix :2016080420160805:
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080420160805@CachePath C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016080420160805
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080420160805@CacheRelativePath Microsoft\Windows\History\History.IE5\MSHist012016080420160805
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080420160805@CacheOptions 11
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080420160805@CacheRepair 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080420160805@CacheLimit 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080520160806
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080520160806@CachePrefix :2016080520160806:
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080520160806@CachePath C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016080520160806
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080520160806@CacheRelativePath Microsoft\Windows\History\History.IE5\MSHist012016080520160806
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080520160806@CacheOptions 11
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080520160806@CacheRepair 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080520160806@CacheLimit 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080620160807
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080620160807@CachePrefix :2016080620160807:
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080620160807@CachePath C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016080620160807
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080620160807@CacheRelativePath Microsoft\Windows\History\History.IE5\MSHist012016080620160807
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080620160807@CacheOptions 11
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080620160807@CacheRepair 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016080620160807@CacheLimit 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\111a397d@NotificationsCount 5
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\3c0b458d@NotificationsCount 2
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\ba2f12e@NotificationsCount 5
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC@9 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk?C:\Program Files\VideoLAN\VLC\vlc.exe?--reset-config --reset-plugins-cache vlc://quit?
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC@10 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk?C:\Program Files\VideoLAN\VLC\vlc.exe?-Iskins?
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC@11 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk?C:\Program Files\VideoLAN\VLC\vlc.exe??
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC@12 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk?C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe??

---- EOF - GMER 2.2 ----