GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-01-25 13:59:17
Windows 6.1.7601 Service Pack 1
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6 TOSHIBA_MK5055GSX rev.FG001A 465,76GB
Running: rmq2tm48.exe; Driver: C:\Users\PROFEN~1\AppData\Local\Temp\kxdyqfow.sys


---- Kernel code sections - GMER 2.2 ----

.text   ntkrnlpa.exe!ZwRenameKey + 1881                                        83C932D1 1 Byte   [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                 83CCFDD2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.2 ----

.text   C:\Program Files\ESET\ESET Security\ekrn.exe[720] kernel32.dll!SetUnhandledExceptionFilter   752FF73B 4 Bytes  [C2, 04, 00, 00]
.text   C:\Program Files\CCleaner\CCleaner.exe[4040] USER32.dll!SetScrollRange                      76E28E8B 5 Bytes  JMP 0115178D C:\Program Files\CCleaner\CCleaner.exe
.text   C:\Program Files\CCleaner\CCleaner.exe[4040] USER32.dll!GetScrollInfo                       76E32D73 5 Bytes  JMP 011518AC C:\Program Files\CCleaner\CCleaner.exe
.text   C:\Program Files\CCleaner\CCleaner.exe[4040] USER32.dll!SetScrollInfo                       76E348AA 5 Bytes  JMP 01151804 C:\Program Files\CCleaner\CCleaner.exe
.text   C:\Program Files\CCleaner\CCleaner.exe[4040] USER32.dll!GetScrollRange                      76E5042A 5 Bytes  JMP 0115183E C:\Program Files\CCleaner\CCleaner.exe
.text   C:\Program Files\CCleaner\CCleaner.exe[4040] USER32.dll!SetScrollPos                        76E5048E 5 Bytes  JMP 011517CA C:\Program Files\CCleaner\CCleaner.exe
.text   C:\Program Files\CCleaner\CCleaner.exe[4040] USER32.dll!GetScrollPos                        76E50E13 5 Bytes  JMP 01151878 C:\Program Files\CCleaner\CCleaner.exe
.text   C:\Program Files\CCleaner\CCleaner.exe[4040] USER32.dll!EnableScrollBar                     76E5199E 5 Bytes  JMP 011518E3 C:\Program Files\CCleaner\CCleaner.exe
.text   C:\Program Files\CCleaner\CCleaner.exe[4040] USER32.dll!ShowScrollBar                       76E53C59 5 Bytes  JMP 01151756 C:\Program Files\CCleaner\CCleaner.exe

---- Processes - GMER 2.2 ----

Library C:\Program Files\ESET\ESET Security\Modules\em002_32\36163\em002_32.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET Security\ekrn.exe [720]   0x65CE0000

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214ffd02b2
Reg     HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime   ?Cz?, ?sty ?25 ?18, 12:16:17???????????????????????????????????Í
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214ffd02b2 (not active ControlSet)
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@4F0FF352   290

---- EOF - GMER 2.2 ----