GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-07 20:29:01 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST380013AS rev.8.12 74,51GB Running: gmer.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\axliauob.sys ---- System - GMER 2.1 ---- SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwEnumerateKey [0xF7753342] SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwEnumerateValueKey [0xF77533F2] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xF7A036E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xF7A03800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xF7A03010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xF7A034D0] SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xF775322A] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xF7A03300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xF7A033E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xF7A03120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xF7A03210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xF7A035E0] ---- Kernel code sections - GMER 2.1 ---- ? aqbexa.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6405380, 0x2FF527, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 9C, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9F, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 9C, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 9D, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91BFB6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9E, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 9D, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9E, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C027 .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 9C, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C155 .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 9D, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9E, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9F, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[124] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Mozilla Firefox\firefox.exe[1248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0126C930 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1248] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0149E0AA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1248] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0149E083 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1248] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0149E00D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 18, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1B, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 18, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 19, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915732 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1A, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 19, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1A, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9157A3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 18, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9158D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 19, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1A, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1B, 81, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 7C, F2, 00] {SUB [EDX+ESI*8+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7F, F2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 7C, F2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 7D, F2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C896 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7E, F2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 7D, F2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7E, F2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C907 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 7C, F2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CA35 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 7D, F2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7E, F2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7F, F2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2316] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2664] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2664] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2664] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2664] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 58, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 5B, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 58, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 59, 71, 00] {TEST AL, 0x59; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B914772 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5A, 71, 00] {TEST AL, 0x5a; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 59, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5A, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9147E3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 58, 71, 00] {TEST AL, 0x58; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914911 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 59, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5A, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5B, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3004] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 20, C4, 01] {SBB [EAX], AH; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys Device \Driver\prodrv06 \Device\ProDrv06 E224FC30 Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e prosync1.sys Device \Driver\prohlp02 \Device\ProHlp02 E1596320 AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3E 0x97 0xFB 0xBB ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xB3 0x05 0xCE ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x33 0xE9 0x1D 0x09 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x63 0x0F 0xD7 0xEF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x0D 0x3E 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x0D 0x3E 0x34 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x0D 0x3E 0x34 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x0D 0x3E 0x34 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 17353E0E5EF86BD29395F352A32D041AEA4C4A597BA81A7E830AF438A3C3763875C2EE7789952D6E1A6E36EDC5847D97F55D51A2E85B84E36719A7499BF639BF2FD82E3F067F425DC4005CAD8B341259F7B6F5A7DF4359E4E786216358B74904C8905200A0711F60F24D835E32AE89A1CDE3BA05262D5862008567FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E6678EDD5E5BE2F6E667D1726E5F286C1EB996EDF5769C1BC4AD14CCA947B6AD4E137798D746FE6097BC956C56DFE5BCCE14CE4B1F26355DD9708CB977568DE246BEC1A8AB26F154CB7C8432DE636A3C61FD30285BE831A1DC0A246F8457EFC8253D00A9D0318DCC78C684B8D12E91FC3A70F0044E740C1959767F186F9898CF40AEE914FA68ED16D882FD659B1475C91E384951BD16022BBE894A55F6778819508B3955036373AE90EC5E905001F99EB87578F595AA976F6066B2BA7EE982FC709DAECCE6C8C14AA293940AA4F243AA189C3E4EE3A79035F5876C510EF78C8322058ED245D6C0507ADB1793727B39542D77E1A95C93F87B1CBCAD14D13D73EC4A33202CE4DD1D5DE4FCDC6338420BB250A2AC4AD4899EF94FA6B072996B452CAFEEAE99ADC547C09283E32217002993BB8E6BE64A38131A74B934515945D Reg HKLM\SOFTWARE\Classes\Installer\Features\24AB4394119B068488AC63D16B60EAAA Reg HKLM\SOFTWARE\Classes\Installer\Features\24AB4394119B068488AC63D16B60EAAA@MainFea Reg HKLM\SOFTWARE\Classes\Installer\Features\24AB4394119B068488AC63D16B60EAAA@fea_CORE MainFea Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA@ProductName AVG 2015 Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA@PackageCode 395EB1ECA76054A4CB22F72B25DAE797 Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA@Language 1033 Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA@Version 251662429 Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA@Transforms :pl.mst Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA@Assignment 1 Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA@AdvertiseFlags 388 Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA@InstanceType 0 Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA@AuthorizedLUAApp 0 Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA@Clients :? Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA\SourceList Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA\SourceList@PackageName COREx86.msi Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA\SourceList@LastUsedSource n;1;C:\Documents and Settings\All Users\Dane aplikacji\MFAData\pack\ Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA\SourceList\Media Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA\SourceList\Media@32 ; Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA\SourceList\Net Reg HKLM\SOFTWARE\Classes\Installer\Products\24AB4394119B068488AC63D16B60EAAA\SourceList\Net@1 C:\Documents and Settings\All Users\Dane aplikacji\MFAData\pack\ ---- EOF - GMER 2.1 ----