GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-18 19:24:37
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 WDC_WD10S21X-24R1BT0-SSHD-8GB rev.03.01A01 931,51GB
Running: 17iui9b0.exe; Driver: C:\Users\Prezes\AppData\Local\Temp\ugliquoc.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [748:780] fffff960659b4030

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1940741293
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14683559277182272@SetupOperations
    MoveFile("\??\C:\Program Files\AVAST Software\Avast\HTM7820.tmp","\??\C:\Program Files\AVAST Software\Avast\HTMLayout.dll",TRUE)
    MoveFile("\??\C:\Program Files\AVAST Software\Avast\avB799A.tmp","\??\C:\Program Files\AVAST Software\Avast\avBugReport.exe",TRUE)
    MoveFile("\??\C:\Program Files\AVAST Software\Avast\AvD7A47.tmp","\??\C:\Program Files\AVAST Software\Avast\AvDump32.exe",TRUE)
    MoveFile("\??\C:\Program Files\AVAST Software\Avast\x64\AvD7AE6.tmp","\??\C:\Program Files\AVAST Software\Avast\x64\AvDump64.exe",TRUE)
    DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\CRT\x64")
    DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\CRT\x86")
    MoveFile("\??\C:\Program Files\AVAST Software\Avast\Gri5BD4.tmp","\??\C:\Program Files\AVAST Software\Avast\GrimeFighter2.dll",TRUE)
    MoveFile("\??\C:\Program Files\AVAST Software\Avast\x64\Gf25C71.tmp","\??\C:\Program Files\AVAST Software\Avast\x64\Gf2Vss.exe",TRUE)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14683559702652272@SetupOperations
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18cf5e9d95bc
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x08 0x63 0xFE 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x08 0xCB 0xC2 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x08 0xFB 0x39 0xF8 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask 0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\ProgramData\AVAST Software\Avast\lscache.dat 42 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00128.log 1048576 bytes
File C:\Users\Prezes\AppData\Local\Mozilla\Firefox\Profiles\41A66E7E5EE1\cache2\entries\C30CD4460241739DC6FD56C90D8FC9A9890EFFAE 0 bytes

---- EOF - GMER 2.2 ----