GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-07 17:34:28
Windows 6.1.7601 Service Pack 1 x64
Running: 5smd80m5.exe

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14908914336942291@SetupOperations
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14908914336942291@SetupOperations

---- Files - GMER 2.2 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Extension Rules 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Extension Rules\000003.log 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Extension Rules\CURRENT 16 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOCK 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOG 47 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Extension Rules\MANIFEST-000002 50 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Favicons-journal 512 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\History 94208 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\History-journal 512 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Login Data 12288 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Login Data-journal 512 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 512 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\Default\Top Sites-journal 512 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\sfzone_profile\pnacl 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Users 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Users\janek 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Users\janek\AppData 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Users\janek\AppData\Local 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Users\janek\AppData\Local\Temp 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Windows 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Windows\Prefetch 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Windows\Prefetch\SAFEZONEBROWSER.EXE-74FF4DA2.pf 15802 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Windows\SoftwareDistribution 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Windows\SoftwareDistribution\DataStore 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Windows\SoftwareDistribution\DataStore\Logs 0 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\C\Windows\SoftwareDistribution\DataStore\Logs\edb.chk 8192 bytes
File C:\avast! sandbox\S-1-5-21-770938827-2149489586-298190218-1000\sfzone\snx_fs.dat 4818 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 62464 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{0a5329c7-9474-11e5-b63f-bc5ff4653237}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{0a5329c7-9474-11e5-b63f-bc5ff4653237}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{0a5329c7-9474-11e5-b63f-bc5ff4653237}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 2.2 ----