GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-25 17:32:40
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 TOSHIBA_MQ01ABF050 rev.AM0P2D 465,76GB
Running: hzmx89nk.exe; Driver: C:\Users\AND-SO~1\AppData\Local\Temp\agadypoc.sys

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [768:816] ffffa8cfe1d36c20
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:5620] 00007fff30a85f10
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:8968] 00007fff2e3c59c0
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:8196] 00007fff259b3a00
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:4632] 00007fff2e3c70d0
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:7356] 00007fff2c6c2880
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:3640] 00007fff2e3c59c0
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:388] 00007fff27a22cf0
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:2648] 00007fff0c16bb70
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:3716] 00007fff27a22cf0
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:236] 00007fff27a22cf0
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:4280] 00007fff30a85f10
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:4396] 00007fff30a85f10
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:392] 00007fff30a85f10
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:4304] 00007fff30a85f10
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:9092] 00007fff2cdb11a0
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:1232] 00007fff246fe010
Thread C:\Windows\ImmersiveControlPanel\SystemSettings.exe [7904:4272] 00007fff2590bac0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe [228:8212] 00007fff0b69c320
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe [228:6672] 00007fff30a85f10
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe [228:9676] 00007fff2e3c59c0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe [228:1044] 00007fff259b3a00
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe [228:4960] 00007fff267d48e0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe [228:8284] 00007fff2e7ba200
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe [228:9168] 00007fff2e3c70d0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe [228:9160] 00007fff2e492a50
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe [228:7192] 00007fff2590bac0

---- EOF - GMER 2.2 ----