GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-13 11:41:35
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 Micron_M600_MTFDDAV256MBF rev.MA01 238,47GB
Running: xji2v61d.exe; Driver: C:\Users\barto\AppData\Local\Temp\fgtdqfow.sys

---- User code sections - GMER 2.2 ----

?       C:\WINDOWS\SYSTEM32\dbgcore.DLL [6100] entry point in ".rdata" section 00000000739bc940
?       C:\WINDOWS\system32\wbem\wbemsvc.dll [6100] entry point in ".rdata" section 0000000072728fc0
?       C:\WINDOWS\SYSTEM32\iertutil.dll [6100] entry point in ".rdata" section 000000006fbf3570
?       C:\Windows\System32\smartscreenps.dll [6100] entry point in ".rdata" section 000000006fc758a0
?       C:\WINDOWS\SYSTEM32\NTASN1.dll [4192] entry point in ".rdata" section 000000006e84a020
?       C:\WINDOWS\SYSTEM32\NTASN1.dll [7900] entry point in ".rdata" section 000000006e84a020
?       C:\WINDOWS\SYSTEM32\iertutil.dll [7900] entry point in ".rdata" section 000000006fbf3570
?       C:\WINDOWS\system32\apphelp.dll [5480] entry point in ".rdata" section 000000006f1df7c0

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [6800:7852] ffffa491f58b6c20

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations   ?????q????????????????????????????x?????????????????????????????????????????ESET Security????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P??????????? ???????????AA????????????????????????????x?????????????????????????????????????????ESET Security????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P??????????? ???????????to???&???:???q???????????????????q???&???:???q???????????????????q???&???:???q???????????????????9????????????????????????????x?????????????????????????????????????????ESET Security????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P??????????? ???????????\b????????????????????????????x?????????????????????????????????????????ESET Security????????????????????????????????? ??????????? ????(??????P
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed   1131565727
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1002b55716d2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller@Start   2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw   0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask   0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw   0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask   0x64 0x62 0x03 0x00 ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@E7CF176E110C211B   0xB2 0xE0 0x6F 0x4F ...

---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0   unknown MBR code

---- EOF - GMER 2.2 ----