GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-21 16:35:33
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 SanDisk_SDSSDHII240G rev.X31200RL 223,57GB
Running: 34v04s8d.exe; Driver: C:\Users\CIERNI~1\AppData\Local\Temp\agrdqpob.sys

---- Threads - GMER 2.2 ----

Thread  C:\windows\system32\csrss.exe [880:904]   fffff960008e12d0
Thread  C:\windows\Explorer.EXE [4236:4860]       00007ffe32a34430
Thread  C:\windows\Explorer.EXE [4236:5668]       00007ffe45ebc8d0
Thread  C:\windows\Explorer.EXE [4236:5004]       00007ffe37ba1fe0
Thread  C:\windows\Explorer.EXE [4236:5964]       00007ffe3f1096e0

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed   -676677177
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cad974f7404
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cad974f742a
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cad974f80cc
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch   27989
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning@RemoteSessionDisable-DriveIndex   5
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{e29f725e-4217-11e4-8254-806e6f6e6963}@Active   0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh   0x40 0x7E 0xD1 0x63 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified   0x80 0x61 0xA2 0xA9 ...

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0   unknown MBR code

---- EOF - GMER 2.2 ----