GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-03 09:50:38
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000021 rev. 0,00MB
Running: v78gtt7i.exe; Driver: C:\Users\J\AppData\Local\Temp\fxldypow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600023e600 15 bytes [00, 96, F2, 01, 00, 6A, 6C, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600023e610 11 bytes [00, D7, FB, FF, 00, 7B, D1, ...]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [1568:5356] fffff960009c62d0
Thread C:\WINDOWS\Explorer.EXE [4500:4488] 00007fff71485060
Thread C:\WINDOWS\Explorer.EXE [4500:5328] 00007fff81411fe0
Thread C:\WINDOWS\Explorer.EXE [4500:3516] 00007fff7665bc30
Thread C:\WINDOWS\Explorer.EXE [4500:5492] 00007fff74439970
Thread C:\WINDOWS\Explorer.EXE [4500:1992] 00007fff7443e630
Thread C:\WINDOWS\Explorer.EXE [4500:2180] 00007fff7a6028c0
Thread C:\WINDOWS\Explorer.EXE [4500:5220] 00007fff7443e630
Thread C:\WINDOWS\system32\rundll32.exe [3940:996] 00007fff78e44dd8
Thread C:\WINDOWS\system32\rundll32.exe [3940:1560] 00007fff73c40e28

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----