GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2019-08-02 16:32:50 Windows 6.2.9200 x64 Running: gmer.exe ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df} Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0006 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0007 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{9f5b15d7-12ac-48b4-ba5d-e289cae6757a} Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{9f5b15d7-12ac-48b4-ba5d-e289cae6757a}\7003 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{9f5b15d7-12ac-48b4-ba5d-e289cae6757a}\7005 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a35996ab-11cf-4935-8b61-a6761081ecdf} Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a35996ab-11cf-4935-8b61-a6761081ecdf}\0010 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{e7c3fb29-caa7-4f47-8c8b-be59b330d4c5} Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{e7c3fb29-caa7-4f47-8c8b-be59b330d4c5}\0002 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57} Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c} Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0} Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0004 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000F Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{9f5b15d7-12ac-48b4-ba5d-e289cae6757a}\7003@ 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{9f5b15d7-12ac-48b4-ba5d-e289cae6757a}\7005@ 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011@ 0x03 0x00 0x00 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot\Parameters\Wdf@TimeOfLastTelemetryLog 0x0C 0x91 0x7C 0xC5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastTelemetryLog 0x15 0x2D 0x7D 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0006@ 0x53 0x00 0x57 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100@ 0x53 0x00 0x57 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003@ 0x55 0x00 0x4D 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0004@ 0x55 0x00 0x4D 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastTelemetryLog 0x57 0x2B 0x6D 0xD8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000F@ 0x68 0x00 0x74 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\ACI22FDF4LMTF139530_11_07DF_E2^42BFFE9CC350C76ED5B0FA0B01AC56AB@Timestamp 0x6E 0x98 0x3D 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastTelemetryLog 0x73 0x05 0x76 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0007@ 0x75 0x00 0x75 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastTelemetryLog 0x76 0xF2 0x62 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastTelemetryLog 0x76 0xF2 0x62 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{e7c3fb29-caa7-4f47-8c8b-be59b330d4c5}\0002@ 0x7F 0xBB 0xFC 0xDD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\SWD#DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002@ 0x7F 0xBB 0xFC 0xDD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\AmdPPM\Parameters\Wdf@TimeOfLastTelemetryLog 0x96 0x72 0xD0 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastTelemetryLog 0x96 0x72 0xD0 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastTelemetryLog 0xAD 0x3E 0xF6 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\msisadrv\Parameters\Wdf@TimeOfLastTelemetryLog 0xB3 0xDF 0x6B 0xC5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xDB 0x4D 0xB5 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xDB 0xB5 0x79 0x67 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xDB 0xE5 0xF0 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\State\Store\DAFUPnPProvider#uuid:ddfcbb7f-eed2-4384-a10a-f22db8d12145\Properties\{a35996ab-11cf-4935-8b61-a6761081ecdf}\0010@ 0xFF Reg HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\Control@LastBootSucceeded 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 11059 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1118344076 Reg HKLM\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-3673397691-3589382022-2184053282-1000@SequenceNumber 1448 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 153 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{fc9ad0d3-6b00-4374-8f94-83e5b4f2ebfe}@LastProbeTime 1564389775 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{196cdce4-3f70-47b4-94ee-7d7d62935f38}@Dhcpv6InformationObtainedTime 1564744676 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{196cdce4-3f70-47b4-94ee-7d7d62935f38}@LeaseObtainedTime 1564744676 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{196cdce4-3f70-47b4-94ee-7d7d62935f38}@T1 1564787876 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{196cdce4-3f70-47b4-94ee-7d7d62935f38}@T2 1564820276 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{196cdce4-3f70-47b4-94ee-7d7d62935f38}@LeaseTerminatesTime 1564831076 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 1623357 Reg HKLM\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-90-0-1@SequenceNumber 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 205 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 207 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 2971 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing 3 Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 468 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 5 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 572339199 Reg HKLM\SYSTEM\CurrentControlSet\Control@DirtyShutdownCount 61 Reg HKLM\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-90-0-6@SequenceNumber 789 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15503326247502364@SetupOperations ???8?????8?8?8 9?9??????7????=???????????????B???.??????????? ???????7???????????8???????? ??????????????????????????8??????Commited?????8?8?8?8?8?8???????????????????tMi?????????????????t?????????8????????????????>?>????????????????????????????????????????????????? ???????7???????????>???????? ??????????????????????????>???r??Commited?????>?>?>?>?>?>?????????????S?????twa???>??????????????DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\New_1305094a\aswOfferTool.exe")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast\setup\New_1305094a",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\New_1305094a\AvBugReport.exe")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast\setup\New_1305094a",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\New_1305094a\AvDump.exe")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast\setup\New_1305094a",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\New_1305094a\HTMLayout.dll")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast\setup\New_1305094a",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\New_1305094a\instup.dll")?RemoveDir("\??\C:\Program Files\AVAST Software\ Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15618307795932383@SetupOperations ???A?????A?A B?B?B?B?????????????-???????????????????1??????????? ???????7???????????A???????? ??????????????????????????A???$??Reverted?>???A?A?A?A?A?A???????????????????t???????????????????t?????????A??????????????????Pa???????????6???????????????????6??????????? ???????7???????????A???????? ??????????????????????????A???I??Reverted?I???A?A?A?A?A?A?????????????I?????t?I???????????z?????t?k???????A???????????????????????????????.???????????????????y??????????? ???????7???????????A???????? ??????????????????????????A???K??Reverted?????A?A?A?A?A?A???????????????????t?????????????e?????t\s???????A???.??????RU???????I???????????o???????????????????c??????????? ???????7???????????A???????? ??????????????????????????A??????Reverted?????A?A?A?A?A?A?????????????s?????tl.???????????5?????t1"???????A???o??????il???????H???????????i???????????????????E??????????? ???????7???????????A???????? ??????????????????????????A???K??Reverted?>???A?A?A?A?A?A?????????????e?????tC:???????????s?????tdr???????A???n??????s.????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?czw.?, ?sie ?01 ?19, 06:52:48??????????????????V?????}???????? Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe.pending.370?!\??\C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe?\??\C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe.old.ab26506764770b9d.tmp??\??\C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe.b0b19e4f-b488-40a4-ac33-bba68401be9e??\??\C:\ProgramData\AMD\Fuel\Fuel.txt??\??\C:\ProgramData\NVIDIA\MessageBusBroadcast.log??\??\C:\ProgramData\NVIDIA\NvContainerWatchdog.log??\??\C:\ProgramData\NVIDIA\NVDisplayContainerWatchdog.log??\??\C:\ProgramData\NVIDIA\NvContainerLocalSystem.log??\??\C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log??\??\C:\ProgramData\NVIDIA\NvMessageBusBroadcastPlugin.log??\??\C:\ProgramData\NVIDIA\NvTelemetryContainer.log??\??\C:\ProgramData\NVIDIA\DisplaySessionContainer5.log??\??\C:\ProgramData\NVIDIA\MessageBus_3492_0x24CBB2541D0.log??\??\C:\ProgramData\NVIDIA\MessageBus_3492_0x24CBB5CE7B0.log??\??\C:\ProgramData\NVIDIA\MessageBus_3492_0x24CBB5CD490.log Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot \Device\HarddiskVolume2\WINDOWS Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute autocheck autochk /p \??\F:?autocheck autochk /p \??\D:?autocheck autochk /p \??\C:?autocheck autochk *? Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID f1651736-08a2-4fbf-b7cd-245bfb5 Reg HKLM\SYSTEM\WaaS\WaaSMedic\TaskStore@Schedule Scan Microsoft\Windows\UpdateOrchestrator? Microsoft Corporation Microsoft Corporation 1.0 To zadanie wykonuje zaplanowane skanowanie us?ugi Windows Update. \Microsoft\Windows\UpdateOrchestrator\Schedule Scan D:P(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA) PT22H false 2019-08-01T17:54:54+02:00 true PT4H true PT2H5M 750CBCA3290B9641