GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-01-19 16:20:32
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 VID:15 rev.0.1 29,12GB
Running: GMER0rjlcm0e.exe; Driver: C:\Users\a\AppData\Local\Temp\fxtdifow.sys

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [516:560] fffff961dc717300

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x38 0x04 0x7E 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xAF 0x91 0xE6 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 6
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\IVO048C0_0A_07DF_29^39FD91606EC618A5230DB2D15CCFA701@Timestamp 0xDF 0xF3 0xA2 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 672
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Windows\TEMP\016151~1.EXE??\??\C:\Users\a\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\a\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\a\AppData\Local\Temp\nsx612D.tmp\nsProcess.dll??\??\C:\Users\a\AppData\Local\Temp\nsx612D.tmp\??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1012789181
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 54a10e00-ea39-4170-b1cd-2a7d1a8
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{9170181d-f229-4386-90e1-fa07a54596ca}
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\80a589026ebe
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\ac72891d1cd9
Reg HKLM\SYSTEM\CurrentControlSet\Services\ialm\Device0@ProfilingToolValues 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_Session2\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_Session2\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session2\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session2\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 579
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 93
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 24
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_Session2\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_Session2\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_Session2\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_Session2\Security@Security 0x01 0x00 0x04 0x80 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----