GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-28 22:38:57
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6 ST380815AS rev.4.AAA 74,53GB
Running: m9jnvizl.exe; Driver: C:\Users\tom615\AppData\Local\Temp\pwryipog.sys

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1280815183
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14734094956712280@SetupOperations ???+?????+?+?????????????????????????????????!??????????? ???????*?????+?????+??????????P?9??????????????+?????????e????aswSnx???????+?+?+?+?+?+?+?+??????L??+?????????n????avast! virtualization driver (aswSnx)????????????\???????????????m??td???????????v???????O????P??+??????????????\SystemRoot\system32\drivers\aswSnx.sys?ys????????0??+??????????FSFilter Virtualization??????????+???????????e??FltMgr??????? ???????+?????+?????+?????????? ?????????s??????? ??+???????????e??aswSnx Instance????????+???+????? ???????+???????????+???????????????????????e???????+??????????137600???????+?+????????????????s??????+????? ???????+???????????+??????????T??? ???????????? T??+??????????r???\??\C:\Program Files\AVAST Software\Avast????+?+????? P??+??????????????\??\C:\ProgramData\AVAST Software\Avast?????? ???????*?????+?????+??????????N?:?????P????????+?????????e????aswSP????+?+?+?+?+?+?+?+??????.??+?????????n????avast! Self Protection??????????????????????????????????t????????????0??????OO????N??+???0????h439??\SystemRoot
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7a4548d7-cd89-49c3-b67a-317b236ed927}@LeaseObtainedTime 1485631285
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7a4548d7-cd89-49c3-b67a-317b236ed927}@T1 1485633085
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7a4548d7-cd89-49c3-b67a-317b236ed927}@T2 1485634435
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7a4548d7-cd89-49c3-b67a-317b236ed927}@LeaseTerminatesTime 1485634885
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xEB 0x75 0x63 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xEB 0xDD 0x27 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xEB 0x0D 0x9F 0x9F ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@OperaSoftware.OperaWebBrowser.1455115975 0x1C 0x4F 0x8E 0x4D ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{597B18D7-F6B4-4764-AE0E-73FAAA9E8AE4}@LastAccessedTime 0x40 0x59 0x0E 0x9C ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{597B18D7-F6B4-4764-AE0E-73FAAA9E8AE4}@LaunchCount 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{A55DFD9E-6B99-4B10-8F59-EEDDF520A858}@LastAccessedTime 0xB0 0x76 0x58 0x4B ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{A55DFD9E-6B99-4B10-8F59-EEDDF520A858}@LaunchCount 36

---- EOF - GMER 2.2 ----