GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-01-05 02:28:05 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320JI rev.2SS00_01 298,09GB Running: r8tboqu3.exe; Driver: C:\Users\Git\AppData\Local\Temp\pwlorkob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\services.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[732] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\Explorer.EXE[1576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1924] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e3a2ba 1 byte [62] .text C:\Windows\system32\svchost.exe[1968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\System32\rundll32.exe[2912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Users\Git\Downloads\Defogger.exe[4112] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e3a2ba 1 byte [62] .text C:\Users\Git\Downloads\Defogger.exe[4112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76] .text C:\Users\Git\Downloads\Defogger.exe[4112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76] .text ... * 2 .text C:\Windows\system32\conhost.exe[4956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62] .text C:\Users\Git\Downloads\r8tboqu3.exe[4552] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e3a2ba 1 byte [62] ---- Threads - GMER 2.1 ---- Thread [928:2964] 0000000077c22e65 Thread [928:2588] 0000000077c23e85 Thread [928:1084] 000000007332f28e Thread [928:696] 00000000741b13f0 Thread [928:2300] 000000007281fea0 Thread [928:2236] 000000007332f28e Thread [928:3088] 000000007332f28e Thread [928:3096] 000000007332f28e Thread [928:3104] 000000006e2ba031 Thread [928:3116] 000000006e2ba031 Thread [928:3120] 000000006ee4b90f Thread [928:3124] 000000006ee4b90f Thread [928:3128] 000000006ee4b90f Thread [928:3140] 000000006e2ba031 Thread [928:3156] 000000006e2ba031 Thread [928:3160] 000000006e2ba031 Thread [928:3168] 000000006e2ba031 Thread [928:3988] 00000000751ca3e0 Thread [928:4216] 0000000077c23e85 Thread [928:3648] 0000000077c23e85 Thread [928:4640] 0000000070fe60d0 Thread [928:3880] 0000000070fe60d0 Thread [928:4840] 0000000070fe60d0 Thread [928:5008] 0000000070fe60d0 Thread [928:3540] 0000000070fe60d0 Thread [928:1260] 0000000077c23e85 Thread [928:3868] 0000000077c23e85 Thread [928:4116] 0000000077c23e85 Thread [928:2492] 0000000077c23e85 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2488:3440] 000007fefbb12a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2488:3452] 000007fef0b6d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2488:3748] 000007fef6c25124 Thread C:\Windows\System32\svchost.exe [4264:4604] 000007feef789688 ---- Services - GMER 2.1 ---- Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!! Service D:\Programy_64\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 14 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 2282398 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382621161 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382621161@ Reverted Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382621161@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382621161@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382621161@CreationTime 0xA1 0x3D 0xE5 0x95 ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382621161@SetupOperations MoveFile("\??\d:\programy_64\avast\ashwebsv.dll.1382621161","\??\d:\programy_64\avast\ashwebsv.dll",TRUE)?MoveFile("\??\d:\programy_64\avast\ashwebsv.dll.sum.1382621161","\??\d:\programy_64\avast\ashwebsv.dll.sum",TRUE)?MoveFile("\??\d:\programy_64\avast\avastui.exe.1382621161","\??\d:\programy_64\avast\avastui.exe",TRUE)?MoveFile("\??\d:\programy_64\avast\avastui.exe.sum.1382621161","\??\d:\programy_64\avast\avastui.exe.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382621161@StartBootCounter 6 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382621161@StartTickCounter 61726 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383953964 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383953964@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383953964@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383953964@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383953964@CreationTime 0x0F 0x94 0x0E 0xC2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383953964@SetupOperations DeleteFile("\??\d:\programy_64\avast\setup\inf\x64\aswsp.sys.1383953964")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1383953964")?DeleteFile("\??\d:\programy_64\avast\setup\inf\x64\aswsp.sys.sum.1383953964")?DeleteFile("\??\d:\programy_64\avast\setup\inf\aswsp.inf.1383953964")?DeleteFile("\??\d:\programy_64\avast\setup\inf\aswsp.inf.sum.1383953964")?DeleteFile("\??\d:\programy_64\avast\setup\inf\aswsp.cat.1383953964")?DeleteFile("\??\d:\programy_64\avast\setup\inf\aswsp.cat.sum.1383953964")? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383953964@StartBootCounter 8 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383953964@StartTickCounter 1610569 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383953964@LastPackageError -1073741772 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387283915 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387283915@ Reverted Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387283915@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387283915@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387283915@CreationTime 0x3A 0xC9 0xF0 0xE7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387283915@SetupOperations MoveFile("\??\d:\programy_64\avast\setup\instup.dll.1387283915","\??\d:\programy_64\avast\setup\instup.dll",TRUE)?MoveFile("\??\d:\programy_64\avast\setup\instup.dll.sum.1387283915","\??\d:\programy_64\avast\setup\instup.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387283915@StartBootCounter 12 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387283915@StartTickCounter 2280056 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\D:\Programy_64\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\D:\Programy_64\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "D:\Programy_64\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cd05b5e Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-1e-74-3a-4b-75@ClientLocalPort 62949 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-1e-74-3a-4b-75@TeredoAddress 2001:0:9d38:6abd:1893:a1a:acf8:97eb Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 3842 Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,0????????????????? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 14 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 2282398 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382621161 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382621161@ Reverted Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382621161@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382621161@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382621161@CreationTime 0xA1 0x3D 0xE5 0x95 ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382621161@SetupOperations MoveFile("\??\d:\programy_64\avast\ashwebsv.dll.1382621161","\??\d:\programy_64\avast\ashwebsv.dll",TRUE)?MoveFile("\??\d:\programy_64\avast\ashwebsv.dll.sum.1382621161","\??\d:\programy_64\avast\ashwebsv.dll.sum",TRUE)?MoveFile("\??\d:\programy_64\avast\avastui.exe.1382621161","\??\d:\programy_64\avast\avastui.exe",TRUE)?MoveFile("\??\d:\programy_64\avast\avastui.exe.sum.1382621161","\??\d:\programy_64\avast\avastui.exe.sum",TRUE)? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382621161@StartBootCounter 6 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382621161@StartTickCounter 61726 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383953964 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383953964@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383953964@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383953964@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383953964@CreationTime 0x0F 0x94 0x0E 0xC2 ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383953964@SetupOperations DeleteFile("\??\d:\programy_64\avast\setup\inf\x64\aswsp.sys.1383953964")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1383953964")?DeleteFile("\??\d:\programy_64\avast\setup\inf\x64\aswsp.sys.sum.1383953964")?DeleteFile("\??\d:\programy_64\avast\setup\inf\aswsp.inf.1383953964")?DeleteFile("\??\d:\programy_64\avast\setup\inf\aswsp.inf.sum.1383953964")?DeleteFile("\??\d:\programy_64\avast\setup\inf\aswsp.cat.1383953964")?DeleteFile("\??\d:\programy_64\avast\setup\inf\aswsp.cat.sum.1383953964")? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383953964@StartBootCounter 8 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383953964@StartTickCounter 1610569 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383953964@LastPackageError -1073741772 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387283915 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387283915@ Reverted Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387283915@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387283915@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387283915@CreationTime 0x3A 0xC9 0xF0 0xE7 ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387283915@SetupOperations MoveFile("\??\d:\programy_64\avast\setup\instup.dll.1387283915","\??\d:\programy_64\avast\setup\instup.dll",TRUE)?MoveFile("\??\d:\programy_64\avast\setup\instup.dll.sum.1387283915","\??\d:\programy_64\avast\setup\instup.dll.sum",TRUE)? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387283915@StartBootCounter 12 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387283915@StartTickCounter 2280056 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\D:\Programy_64\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\D:\Programy_64\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "D:\Programy_64\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cd05b5e (not active ControlSet) ---- EOF - GMER 2.1 ----