GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-12 15:44:57
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 WDC_WD10S21X-24R1BT0-SSHD-8GB rev.03.01A02 931,51GB
Running: p3yr94ul.exe; Driver: C:\Users\MIKOAJ~1\AppData\Local\Temp\fxlyrpod.sys

---- Threads - GMER 2.2 ----

Thread   C:\WINDOWS\system32\csrss.exe [9508:2324]   ffff881129b86c20

---- Services - GMER 2.2 ----

Service  C:\WINDOWS\System32\qmgr.dll (*** hidden *** )     [MANUAL] BITS       <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\cryptsvc.dll (*** hidden *** ) [AUTO]   CryptSvc   <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\wuaueng.dll (*** hidden *** )  [MANUAL] wuauserv   <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC   [binary value; unprintable bytes omitted in this transcript; readable fragments: %SystemRoot%\system32\AppReadiness.dll, %SystemRoot%\system32\LogFiles\WMI\RtBackup\*.*, \System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.*, \System Volume Information\FVE2.{c9ca54a3-6983-46b7-8684-a7e5e23499e3}, \System Volume Info (truncated)]
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed   1969996336
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14748911360932280@SetupOperations   [binary value; unprintable bytes omitted in this transcript; readable fragments: Commited, aswSnx, avast! virtualization driver (aswSnx), \SystemRoot\system32\drivers\aswSnx.sys, FSFilter Virtualization, FltMgr, aswSnx Instance]
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14748911932962280@SetupOperations   [binary value; unprintable bytes omitted in this transcript; readable fragments: Commited, aswSnx, avast! virtualization driver (aswSnx), \SystemRoot\system32\drivers\aswSnx.sys, FSFilter Virtualization, FltMgr, aswSnx Instance, 137600, C:\Program Files\AVAST Software\Avast, C:\ProgramData\AVAST Software\A (truncated)]
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\cc3d8273e79e
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\cc3d8273e79e@b869c23d038e   0xD5 0xB9 0x15 0x35 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw       0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw       0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw       0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw       0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask   0x64 0x62 0x03 0x00 ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome   0x3A 0xE6 0x8B 0xBB ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{20E88254-FD75-4E2D-ACE8-1558A6AF4561}@LastAccessedTime   0xB0 0xA8 0xED 0x8E ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{20E88254-FD75-4E2D-ACE8-1558A6AF4561}@LaunchCount   1

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0   unknown MBR code

---- EOF - GMER 2.2 ----