GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-19 15:37:17
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST380811AS rev.3.AAE 74,53GB
Running: ekkzxbm5.exe; Driver: C:\Users\user\AppData\Local\Temp\aftcaaob.sys


---- System - GMER 2.2 ----

SSDT   \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                  ZwCreateThread [0x912DC570]
SSDT   \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                  ZwLoadDriver [0x912DC5D0]
SSDT   \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                  ZwSetSystemInformation [0x912DC5B0]
SSDT   \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                  ZwSystemDebugControl [0x912DC590]

---- Kernel code sections - GMER 2.2 ----

.text  ntkrnlpa.exe!ZwRenameKey + 1549                                                                                         82A8BEC5 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  82AC6272 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1203                                                                                     82ACD7A8 4 Bytes  [70, C5, 2D, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                                     82ACD8B8 4 Bytes  [D0, C5, 2D, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 161F                                                                                     82ACDBC4 4 Bytes  [B0, C5, 2D, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                     82ACDC0C 4 Bytes  [90, C5, 2D, 91]

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[760] kernel32.dll!SetUnhandledExceptionFilter                       776DF6AB 4 Bytes  [C2, 04, 00, 00]
.text  C:\Program Files\Internet Explorer\iexplore.exe[3484] shell32.DLL!RealDriveType + 173D                                  762EFC70 4 Bytes  [80, C0, 14, 71]
.text  C:\Program Files\Internet Explorer\iexplore.exe[3484] shell32.DLL!RealDriveType + 1745                                  762EFC78 8 Bytes  [10, 12, 14, 71, 50, C1, 14, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[3536] shell32.DLL!RealDriveType + 173D                                  762EFC70 4 Bytes  [80, C0, 14, 71]
.text  C:\Program Files\Internet Explorer\iexplore.exe[3536] shell32.DLL!RealDriveType + 1745                                  762EFC78 8 Bytes  [10, 12, 14, 71, 50, C1, 14, ...]

---- Registry - GMER 2.2 ----

Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                      
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@2C877B18                             280
Reg    HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{8B427317-A21F-11E4-BA96-806E6F6E6963}  6390608880
Reg    HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{8B427318-A21F-11E4-BA96-806E6F6E6963}  32634544

---- EOF - GMER 2.2 ----