GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-22 20:21:47
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e TOSHIBA_MQ01ABF050 rev.AM0Q5E 465,76GB
Running: zmb2zizb.exe; Driver: C:\Users\ZBYSZEK\AppData\Local\Temp\fxlyrpog.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [568:592] fffff9600093f2d0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 923336978
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14749109373282280@SetupOperations Reverted Commited DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\FwReboot.txt") DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\settings-8e8.ori") Reverted DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\settings-8e8.ori")
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14749111004842280@SetupOperations Commited DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\FwReboot.txt") DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\settings-8e8.ori") Reverted DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\settings-8e8.ori") Reverted DeleteFile("\??\C:\Program Files\AVAST Software\Avast\s
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acb57df3883a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0x1D 0xEA 0x4D 0x21 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----