GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-12-14 13:47:19
Windows 6.2.9200  x64 
Running: ifwzbzfg.exe


---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                         -2070317130
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15004494210312303@SetupOperations                        ???:?????:?;?;?;????????????? ???????????????????????????????????p??????????????????????????????????????????????? ???????r???????????O?r????????@???,???????????????????????????????????????????????????????????????{11D8A17B-F2D8-4733-B41B-6F4959ACD701}??? ???????????????????d???????????????????????????????????d???????????????????????????????????????d?????&????????????????????????????? ???????&???????????&?&????????????&????????????????????5???????????????d???????????????????????????????????????????&???g?g?g?:?:?:?:?:?:?:?:?:?:?:?:?:k????????????????????d???????????9???d?????'0???? ???????:???????????:???????? ??????????????????????????:???N??Commited?????:?:?:?;?;?;?????????????????????????????????????????????????????:??????????????MoveFile("\??\C:\Program Files\AVAST Software\Avast\avB942D.tmp","\??\C:\Program Files\AVAST Software\Avast\avBugReport.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\AvD949C.tmp","\??\C:\Program Files\AVAST Software\Avast\AvDump32.exe",TRUE)?MoveFile("\??\C:\Program
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15047981895312310@SetupOperations                        ???<?????<?<?<??????????????????????????????????????????? ???????:???????????<???????? ???M??????????????????????<???t??Commited?p???<?<?<?<?<?<?????????????s?????tMS???????????e?????tAu???????<???2??????ti??????ow??????????????????????????????????????????? ???????:???????????<???????? ???N??????????????????????<???t??Commited?????<?<?<?<?<?<???????????????????th????????????????????????????<???S??????m3??????????????????????????????????????????????????? ???????:???????????<???????? ???O??????????????????????<???t??Commited?t???<?<?<?<?<?<????????????????????5????????????l?????t?????????<???????????t???????t??????????????????????????????????????????? ???????:???????????<???????? ???P??????????????????????<??????Commited?h???<?<?<?<?<?<?????????????6?????t|L???????????1?????tcr???????<???w??????dr??????????????????????????????????????????????????? ???????:???????????<???????? ???Q??????????????????????<???A??Commited?A???<?<?<?<?<?<???????????????????t???????????????????t?????????<???????????????????l?????????
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15071485813122314@SetupOperations                        ???=?????=?=?=?????? ????2???????????????2???????????????????1???=??????????????MoveFile("\??\C:\Program Files\AVAST Software\Avast\avB9F04.tmp","\??\C:\Program Files\AVAST Software\Avast\avBugReport.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\AvD9F73.tmp","\??\C:\Program Files\AVAST Software\Avast\AvDump32.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\x64\AvD9FB4.tmp","\??\C:\Program Files\AVAST Software\Avast\x64\AvDump64.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\aswE6FF.tmp","\??\C:\Program Files\AVAST Software\Avast\aswcmlx.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\aswE73E.tmp","\??\C:\Program Files\AVAST Software\Avast\aswsysx.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\aswE86E.tmp","\??\C:\Program Files\AVAST Software\Avast\aswDataScan.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\gamE8DC.tmp","\??\C:\Program Files\AVAST Software\Avast\gaming_hook.exe",TRUE)?MoveFile("\??\C:\Program Files\A
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15109400998752318@SetupOperations                        ???>?????>?>?>???????????????????????????q??????????????? ???????:???????????>???????? ???~??????????????????????>???6??Commited?!???>?>?>?>?>?>?>???????????i?????tum???????????e?????t("???????>???o??????te???????!???????>???\???????s??DeleteFile("\??\C:\Program Files\AVAST Software\Avast\GrimeFighter2.dll")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\x64\Gf2Vss.exe")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast\x64",FALSE,FALSE)?DeleteFile("\??\C:\ProgramData\AVAST Software\Avast\GrimeFighter2\control\rules.dat")?RemoveDir("\??\C:\ProgramData\AVAST Software\Avast\GrimeFighter2\control",FALSE,FALSE)?DeleteFile("\??\C:\ProgramData\AVAST Software\Avast\GrimeFighter2\control\rules.ver")?RemoveDir("\??\C:\ProgramData\AVAST Software\Avast\GrimeFighter2\control",FALSE,FALSE)?DeleteFile("\??\C:\ProgramData\AVAST Software\Avast\GrimeFighter2\control\settings.dat")?RemoveDir("\??\C:\ProgramData\AVAST Software\Avast\GrimeFighter2\cont
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00c2c60ed30e                                               
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                       0xDE 0xAE 0xDC 0x8F ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                            0xDE 0x16 0xA1 0xF1 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                             0xDE 0x46 0x18 0x2E ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                                        0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                                                    0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw                                                                        0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask                                                                    0x64 0x62 0x03 0x00 ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@E7CF176E110C211B                                       0xDC 0x17 0xC0 0x7C ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E5FAC01A-533F-4E9C-9F80-5F1E42E78108}@LastAccessedTime  0x10 0x20 0xCD 0xC2 ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E5FAC01A-533F-4E9C-9F80-5F1E42E78108}@LaunchCount       2

---- EOF - GMER 2.2 ----