GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-28 23:41:25
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e WDC_WD5000LPVX-80V0TT0 rev.01.01A01 465,76GB
Running: yz4e6nde.exe; Driver: C:\Users\natala\AppData\Local\Temp\fxldrpow.sys

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!memmove_s] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!mbstowcs] [1]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!??_U@YAPEAX_K@Z] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!free] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!??_V@YAXPEAX@Z] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!__CxxFrameHandler3] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!_CxxThrowException] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!??2@YAPEAX_K@Z] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!_lock] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!_unlock] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!__dllonexit] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!_onexit] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!_XcptFilter] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!_amsg_exit] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!_initterm] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!memcpy_s] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!_errno] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!wcsrchr] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!??3@YAXPEAX@Z] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[msvcrt.dll!memcpy] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[ADVAPI32.dll!RegCreateKeyExW] [ffffffff]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[ADVAPI32.dll!RegSetValueExW] [823c4acbf81]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[ADVAPI32.dll!RegOpenKeyExW] [fffff7dc3b53407e]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[ADVAPI32.dll!RegQueryInfoKeyW] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[ADVAPI32.dll!RegCloseKey] [0]
IAT C:\WINDOWS\Explorer.EXE[2996] @ C:\Windows\System32\EhStorAPI.dll[KERNEL32.dll!DisableThreadLibraryCalls] [37]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [540:564] fffff960008682d0

---- Processes - GMER 2.1 ----

Process C:\ProgramData\DWdMD\WdMan.exe (*** suspicious ***) @ C:\ProgramData\DWdMD\WdMan.exe [2140] (TFuns/TFuns LIMITED)(2015-12-25 13:27:55) 0000000000e50000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----