GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-17 10:55:26
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: 0yulh49g.exe; Driver: C:\Users\Jacek\AppData\Local\Temp\uglyrpob.sys


---- Kernel code sections - GMER 2.1 ----

.text   ntkrnlpa.exe!ZwSaveKey + 13C1                                                 82C8C339 1 Byte  [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                        82CC5D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1996] kernel32.dll!SetUnhandledExceptionFilter   76843D01 4 Bytes  [C2, 04, 00, 00]

---- Threads - GMER 2.1 ----

Thread  System [4:3488]                                                                B2C66F2E

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272154d5f
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272154d5f@001c8812b97f   0xF1 0x84 0x42 0xEB ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272154d5f (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272154d5f@001c8812b97f   0xF1 0x84 0x42 0xEB ...

---- Files - GMER 2.1 ----

File    C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cfhdojbkjhnklbpkdaibdccddilifddb\000665.log   19 bytes
File    C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\FND2A.NFI   702 bytes
File    C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\FND2B.NFI   396 bytes
File    C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\FND2C.NFI   893 bytes
File    C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\FND2D.NFI   653 bytes
File    C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\FND2E.NFI   511 bytes
File    C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\FND2F.NFI   520 bytes

---- EOF - GMER 2.1 ----
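As an added example (not part of the scan log above, and not GMER's own code), a small Python parser for this log layout: it splits the log into its "----" sections, decodes each code-patch line into module, symbol, offset, address and patch bytes, and gives the thread, registry and file lines structured fields. SAMPLE_LOG is a constructed excerpt of the log above; the parser assumes GMER's columns are separated by whitespace and that registry key paths contain no spaces.

```python
"""Parser for GMER 2.1 rootkit-scan logs (added example; not GMER's own code).

Splits a log into its "---- <name> - GMER 2.1 ----" sections and turns each
line into a dict, so kernel/user code patches, threads, registry keys and files
can be reviewed programmatically. SAMPLE_LOG is a constructed excerpt of the
log above; columns are assumed to be whitespace-separated.
"""
import re

SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-17 10:55:26
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: 0yulh49g.exe; Driver: C:\Users\Jacek\AppData\Local\Temp\uglyrpob.sys
---- Kernel code sections - GMER 2.1 ----
.text   ntkrnlpa.exe!ZwSaveKey + 13C1   82C8C339 1 Byte  [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2   82CC5D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1996] kernel32.dll!SetUnhandledExceptionFilter   76843D01 4 Bytes  [C2, 04, 00, 00]
---- Threads - GMER 2.1 ----
Thread  System [4:3488]   B2C66F2E
---- Registry - GMER 2.1 ----
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272154d5f
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272154d5f@001c8812b97f   0xF1 0x84 0x42 0xEB ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272154d5f (not active ControlSet)
---- Files - GMER 2.1 ----
File    C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\FND2A.NFI   702 bytes
---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# ".text  <location>  <addr>  <n> Byte(s)  [<hex bytes>] {<disassembly>}"
CODE_RE = re.compile(
    r"^(?P<segment>\.\w+)\s+(?P<location>.+?)\s+(?P<address>[0-9A-F]{8})"
    r"\s+(?P<length>\d+) Bytes?\s+\[(?P<bytes>[^\]]*)\](?:\s*\{(?P<disasm>[^}]*)\})?\s*$"
)
# "<process path>[<pid>] module!symbol + <hex offset>"; the process part only appears in user mode
LOCATION_RE = re.compile(
    r"^(?:(?P<process>.+?)\[(?P<pid>\d+)\]\s+)?"
    r"(?P<module>[^!\s]+)!(?P<symbol>\S+?)(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?$"
)
THREAD_RE = re.compile(r"^(?P<process>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<address>[0-9A-F]{8})$")
FILE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<size>\d+) bytes$")
# key (assumed to contain no spaces), optional "(not active ControlSet)" note, optional value dump
REG_RE = re.compile(r"^(?P<key>\S+)(?:\s+\((?P<note>[^)]*)\))?(?:\s+(?P<value>.+))?$")
ROW_RES = {"Thread": THREAD_RE, "File": FILE_RE, "Reg": REG_RE}


def parse_bytes(field):
    """'E0, 0F, ...' -> (bytes, truncated); GMER prints '...' after the first bytes of a long patch."""
    tokens = [t.strip() for t in field.split(",") if t.strip()]
    return bytes(int(t, 16) for t in tokens if t != "..."), "..." in tokens


def parse_code_line(line, scope):
    m = CODE_RE.match(line)
    if not m:
        return {"kind": "unparsed", "raw": line}
    data, truncated = parse_bytes(m.group("bytes"))
    entry = {"kind": "code_patch", "scope": scope, "segment": m.group("segment"),
             "address": int(m.group("address"), 16), "length": int(m.group("length")),
             "bytes": data, "truncated": truncated, "disasm": m.group("disasm")}
    loc = LOCATION_RE.match(m.group("location"))
    if loc:
        entry.update(process=loc.group("process"),
                     pid=int(loc.group("pid")) if loc.group("pid") else None,
                     module=loc.group("module"), symbol=loc.group("symbol"),
                     offset=int(loc.group("offset"), 16) if loc.group("offset") else 0)
    return entry


def parse_entry(section, line):
    if section == "Kernel code sections":
        return parse_code_line(line, "kernel")
    if section == "User code sections":
        return parse_code_line(line, "user")
    kind, _, rest = line.partition(" ")  # first column is the row type: Thread / Reg / File
    rx = ROW_RES.get(kind)
    m = rx.match(rest.strip()) if rx else None
    if not m:
        return {"kind": "unparsed", "raw": line}
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    for k in ("pid", "tid", "size"):
        if k in fields:
            fields[k] = int(fields[k])
    if "address" in fields:
        fields["address"] = int(fields["address"], 16)
    fields["kind"] = kind.lower()
    return fields


def parse_gmer_log(text):
    """Return {'header': [lines before the first section], 'sections': {name: [entries]}}."""
    report = {"header": [], "sections": {}}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("name") == "EOF":
                break
            current = m.group("name")
            report["sections"].setdefault(current, [])
        elif current is None:
            report["header"].append(line)
        else:
            report["sections"][current].append(parse_entry(current, line))
    return report


def code_patches(report):
    """All kernel- and user-mode code patches, kernel first."""
    out = []
    for name in ("Kernel code sections", "User code sections"):
        out.extend(e for e in report["sections"].get(name, []) if e["kind"] == "code_patch")
    return out


def describe(entry):
    """One-line summary of a code patch for a triage report."""
    where = f"{entry['process']}[{entry['pid']}] " if entry.get("process") else ""
    where += f"{entry['module']}!{entry['symbol']}"
    if entry.get("offset"):
        where += f"+0x{entry['offset']:X}"
    dump = " ".join(f"{b:02X}" for b in entry["bytes"]) + (" ..." if entry["truncated"] else "")
    return f"[{entry['scope']}] {where} @ 0x{entry['address']:08X}: {entry['length']} byte(s) {dump}"


if __name__ == "__main__":
    rep = parse_gmer_log(SAMPLE_LOG)
    for e in code_patches(rep):
        print(describe(e))
    for name, entries in rep["sections"].items():
        print(f"{name}: {len(entries)} entries")
```

Running the block prints one summary line per code patch. The user-mode entry, for instance, decodes to the bytes C2 04 00 00, which is the x86 instruction RET 4, so the patched SetUnhandledExceptionFilter returns immediately inside that process. The parser only extracts; whether a given patch is an antivirus self-protection stub or a hook worth chasing is still the analyst's call.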