GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-10 16:13:22
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 WDC_WD10EZEX-00WN4A0 rev.01.01A01 931,51GB
Running: wv5eq0h8.exe; Driver: C:\Users\AAA\AppData\Local\Temp\uxtyapow.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\CCleaner\CCleaner64.exe[2124] C:\WINDOWS\system32\USER32.dll!ShowScrollBar 00007ffb3d971150 5 bytes JMP 00007ffabd9e0018
.text C:\Program Files\CCleaner\CCleaner64.exe[2124] C:\WINDOWS\system32\USER32.dll!SetScrollInfo 00007ffb3d97c760 5 bytes JMP 00007ffabd990018
.text C:\Program Files\CCleaner\CCleaner64.exe[2124] C:\WINDOWS\system32\USER32.dll!GetScrollInfo 00007ffb3d984810 5 bytes JMP 00007ffabd9a0018
.text C:\Program Files\CCleaner\CCleaner64.exe[2124] C:\WINDOWS\system32\USER32.dll!SetScrollRange 00007ffb3d995ea0 5 bytes JMP 00007ffabd9b0018
.text C:\Program Files\CCleaner\CCleaner64.exe[2124] C:\WINDOWS\system32\USER32.dll!SetScrollPos 00007ffb3d9a5080 5 bytes JMP 00007ffabda20018
.text C:\Program Files\CCleaner\CCleaner64.exe[2124] C:\WINDOWS\system32\USER32.dll!EnableScrollBar 00007ffb3d9a72f0 5 bytes JMP 00007ffabd9c0018
.text C:\Program Files\CCleaner\CCleaner64.exe[2124] C:\WINDOWS\system32\USER32.dll!GetScrollPos 00007ffb3d9afc70 5 bytes JMP 00007ffabd9d0018
.text C:\Program Files\CCleaner\CCleaner64.exe[2124] C:\WINDOWS\system32\USER32.dll!GetScrollRange 00007ffb3d9fedb0 5 bytes JMP 00007ffabda10018

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [3996:1128] fffff960009152d0
Thread C:\WINDOWS\Explorer.EXE [3548:1108] 00007ffb2e79e630

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SNY24001668448_32_07D5_93^5FEB69225A12DBB0DD315B15584235A1@Timestamp 0xF8 0x66 0x1D 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1812397866
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Wt?, ?sty ?10 ?17, 11:04:08??????L???????L???????????????L????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 2621
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 7

---- EOF - GMER 2.2 ----