GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-20 23:14:57
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: fnjh4pim.exe; Driver: C:\Users\MICHA~1\AppData\Local\Temp\kxkcykow.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [9572:240] ffffdbc443806c20
Thread [8516:3780] 000000007385ea50
Thread [8516:1616] 0000000073d5c59c
Thread [8516:4676] 0000000073d5c59c
Thread [8516:4144] 0000000073d5c59c
Thread [8516:8136] 0000000073d5c59c
Thread [8516:6788] 0000000073d5c59c
Thread [8516:1636] 0000000073d5c59c
Thread [8516:6700] 0000000073d5c59c
Thread [8516:1148] 0000000073fc8370
Thread [8516:9196] 0000000073f948e0
Thread [8516:6736] 0000000073f948e0
Thread [8516:6676] 000000005a5231b0
Thread [8516:5516] 0000000067c425a0
Thread [8516:2784] 0000000073f948e0
Thread [8516:5444] 0000000073d5c59c
Thread [8516:6460] 0000000077d367c0
Thread [8516:7928] 0000000077d367c0
Thread [8516:968] 0000000073f948e0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1396821396
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\b46d8320e085
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\b46d8320e085@f07959b300c1 0x09 0x09 0x38 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xF5 0x56 0x0A 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xF5 0xBE 0xCE 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xF5 0xEE 0x45 0x3F ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate@LastAutoAppUpdateSearchSuccessTime 2017-03-19 23:48:47

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----