GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-24 16:46:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 ST3160815AS rev.4.CCC 149,05GB
Running: ynz5hv09.exe; Driver: C:\Users\dib\AppData\Local\Temp\uxriqpow.sys

---- User code sections - GMER 2.2 ----

.text   C:\Program Files\AVAST Software\Avast\avastUi.exe[3904] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   00000000775587c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- Threads - GMER 2.2 ----

---- Registry - GMER 2.2 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC
Reg   HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC

---- EOF - GMER 2.2 ----