GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-22 19:05:49
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 Micron_M600_MTFDDAV256MBF rev.MA01 238,47GB
Running: rie17zyg.exe; Driver: C:\Users\barto\AppData\Local\Temp\fgtdqfow.sys

---- User code sections - GMER 2.2 ----

?    C:\WINDOWS\SYSTEM32\iertutil.dll [3300] entry point in ".rdata" section 00000000723a3570
?    C:\WINDOWS\SYSTEM32\NTASN1.dll [3300] entry point in ".rdata" section 000000007123a020
?    C:\WINDOWS\system32\ncryptsslp.dll [3300] entry point in ".rdata" section 000000005db504f0
?    C:\WINDOWS\system32\apphelp.dll [3300] entry point in ".rdata" section 000000006f25f7c0
?    C:\WINDOWS\SYSTEM32\iertutil.dll [2036] entry point in ".rdata" section 00000000723a3570
?    C:\WINDOWS\SYSTEM32\iertutil.dll [3316] entry point in ".rdata" section 00000000723a3570
?    C:\WINDOWS\SYSTEM32\NTASN1.dll [3316] entry point in ".rdata" section 000000007123a020
?    C:\WINDOWS\system32\ncryptsslp.dll [3316] entry point in ".rdata" section 000000005db504f0
?    C:\WINDOWS\SYSTEM32\dbgcore.DLL [9968] entry point in ".rdata" section 0000000072cfc940
?    C:\WINDOWS\system32\wbem\wbemsvc.dll [9968] entry point in ".rdata" section 000000006e378fc0
?    C:\WINDOWS\SYSTEM32\iertutil.dll [9968] entry point in ".rdata" section 00000000723a3570
?    C:\Windows\System32\smartscreenps.dll [9968] entry point in ".rdata" section 00000000720d58a0
?    C:\WINDOWS\SYSTEM32\NTASN1.dll [2344] entry point in ".rdata" section 000000007123a020
?    C:\WINDOWS\SYSTEM32\NTASN1.dll [9452] entry point in ".rdata" section 000000007123a020
?    C:\WINDOWS\SYSTEM32\iertutil.dll [9452] entry point in ".rdata" section 00000000723a3570
?    C:\WINDOWS\system32\apphelp.dll [9668] entry point in ".rdata" section 000000006f25f7c0

---- Threads - GMER 2.2 ----

Thread    C:\WINDOWS\system32\csrss.exe [5884:2136]    fffff3931c1d6c20

---- Registry - GMER 2.2 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed    2130519588
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1002b55716d2
Reg    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated    0xBC 0x0E 0x7F 0xB8 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh    0xBC 0x76 0x43 0x1A ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow    0xBC 0xA6 0xBA 0x56 ...
Reg    HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw    0x64 0x62 0x03 0x00 ...
Reg    HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask    0x64 0x62 0x03 0x00 ...
Reg    HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw    0x64 0x62 0x03 0x00 ...
Reg    HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask    0x64 0x62 0x03 0x00 ...
Reg    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest    0xBB 0xF9 0x09 0xC9 ...
Reg    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@E7CF176E110C211B    0xDD 0xD7 0xE6 0x24 ...

---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0    unknown MBR code

---- EOF - GMER 2.2 ----