GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-19 11:17:14
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: zd71854y.exe; Driver: C:\Users\Ilona\AppData\Local\Temp\kfrdrpog.sys

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [552:580] fffff960008aa2d0
Thread C:\WINDOWS\Explorer.EXE [3924:6156] 00007ffe3001e630
Thread C:\Windows\System32\SettingSyncHost.exe [3716:4116] 00007ffe30a77470

---- Processes - GMER 2.1 ----

Process C:\ProgramData\Application Hosting\Application Hosting.exe (*** suspicious ***) @ C:\ProgramData\Application Hosting\Application Hosting.exe [1728](2015-08-12 11:33:36) 0000000000d80000
Process C:\ProgramData\Tristip\Tristip.exe (*** suspicious ***) @ C:\ProgramData\Tristip\Tristip.exe [2264](2015-08-18 11:34:08) 0000000000ef0000
Process C:\ProgramData\Tristip\yjamyu3e.exe (*** suspicious ***) @ C:\ProgramData\Tristip\yjamyu3e.exe [5972](2015-08-19 07:57:52) 0000000000400000
Library C:\ProgramData\Tristip\hbzuoa1d.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [7108](2015-08-19 07:57:52) 0000000066430000
Process C:\Users\Ilona\AppData\Local\Microsoft\Windows\INetCache\IE\THHMD8KF\zd71854y.exe (*** suspicious ***) @ C:\Users\Ilona\AppData\Local\Microsoft\Windows\INetCache\IE\THHMD8KF\zd71854y.exe [4904](2015-08-19 09:01:33) 0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----