GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-13 21:34:53
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 WDC_WD10EZEX-00BN5A0 rev.01.01A01 931,51GB
Running: et0nshzz.exe; Driver: C:\Users\Daroo\AppData\Local\Temp\pxldapog.sys

---- Kernel code sections - GMER 2.2 ----

.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable  fffff960000f6100 15 bytes [40, 23, ED, 01, 00, BC, 69, ...]
.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16  fffff960000f6110 8 bytes [00, 96, FC, FF, 00, C1, DD, ...]

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [576:1972]  fffff960008532d0
Thread  C:\WINDOWS\system32\csrss.exe [576:1976]  fffff960008532d0

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime  0x75 0x2E 0x0A 0x84 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime  0xE9 0x57 0xFE 0xF6 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime  0x6B 0x91 0x0C 0x84 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime  0x5B 0xBA 0x00 0xF7 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL  169
Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SAM0B6E0_33_07DD_89+NOEDID_10DE_1187_00000001_00000000_100100^669BA2874F4F3D4FDA99D18E854E450B@Timestamp  0xE0 0x87 0x13 0x91 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid  696
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber  4521750
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  -14335336
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId  176
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime  491553007
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime  12014
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime  10885
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID  d829cfd3-9c9e-4ff6-91d6-07e7222
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{165e0437-712a-4962-8144-c1af016fde33}@LastProbeTime  1481661160
Reg  HKLM\SYSTEM\CurrentControlSet\Services\NcbService@DisplayName  @%SystemRoot%\system32\ncbservice.dll,-500
Reg  HKLM\SYSTEM\CurrentControlSet\Services\NcbService@Start  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\NcbService
Reg  HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime  ?Wt?, ?gru ?13 ?16, 08:42:43??????d???????d???????????????d????
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  8077
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  5784
Reg  HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence  171
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C7598BB5-4B95-4E63-8716-06AC1CF11053}@LeaseObtainedTime  1481657799
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C7598BB5-4B95-4E63-8716-06AC1CF11053}@T1  1481661399
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C7598BB5-4B95-4E63-8716-06AC1CF11053}@T2  1481664099
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C7598BB5-4B95-4E63-8716-06AC1CF11053}@LeaseTerminatesTime  1481664999
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WdiSystemHost@DisplayName  @%systemroot%\system32\wdi.dll,-500
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WdiSystemHost@Start  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WdiSystemHost
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop  0
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask  0x64 0x62 0x03 0x00 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList@MRUList  badce
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report  C:\AdwCleaner\AdwCleaner[C4].txt
Reg  HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation  C:\Users\Daroo\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WerFault.exe_4e51fc86de5e364541151a5ff48f6b2def3a6f9_854509c4_cab_04bd5eab

---- Files - GMER 2.2 ----

File  C:\Users\Daroo\AppData\Local\Mozilla\Firefox\Profiles\fifwsp6o.default-1466873138281\cache2\entries\69782DA4F76BD72933F557B0C287B313794694CB  332 bytes

---- EOF - GMER 2.2 ----