GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-01 14:35:10
Windows 6.2.9200 x64
\Device\Harddisk0\DR0 -> \Device\0000002f Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,89GB
Running: fhhs6men.exe; Driver: C:\Users\natal\AppData\Local\Temp\awediaog.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [532:568] fffffcdb41b36c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions NOEXECUTE=OPTIN NOVGA
Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ... C:\Program Files (x86)\Elex-tech\YAC ... Calls ... Calls Per Second ... Calls Outstanding ... Calls Failed ... Call Failed Per Second ... Calls Faulted ... Calls Faulted Per Second ... Calls Duration ... Calls Duration Base ... Transactions Flowed ... Transactions Flowed Per Second ... Security Validation and Authentication Failures ... Security Validation and Authentication Failures Per Second ... Security Calls Not Authorized ... Security Calls Not Authorized Per Second ... %SystemRoot%\system32\AppReadiness.dll ... %SystemRoot%\system32\LogFiles\WMI\RtBackup\*.* ... \System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.* ... \System Volume Information\FVE2.{c9ca54a3-6983-46b7-8684-a7e5e23499e3} ... \System Volume Informat
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 848
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 868500
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 359745303
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 154
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 485366322
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 4180
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 4154
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID bca04b1d-1a23-44f5-88c7-20822af
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14735218072342280@SetupOperations ... aswSnx ... avast! virtualization driver (aswSnx) ... \SystemRoot\system32\drivers\aswSnx.sys ... FSFilter Virtualization ... FltMgr ... aswSnx Instance ... 137600 ... \??\C:\Program Files\AVAST Software\Avast ... \??\C:\ProgramData\AVAST Software\Avast ... aswSP ... avast! Self Protection ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1008b1646810
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 2374
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 653
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{514A675E-E422-4FA3-8650-653E2B0C4CE2}@LastAccessedTime 0x90 0x6B 0xB0 0x8B ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{514A675E-E422-4FA3-8650-653E2B0C4CE2}@LaunchCount 2
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime 0x45 0xEC 0xBE 0x39 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----