GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-12 17:16:58
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 HGST_HTS541010A9E680 rev.JA0OA560 931,51GB
Running: b0is0gv4.exe; Driver: C:\Users\WIUNTE~1\AppData\Local\Temp\pgriypob.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [932:800]  fffffd8fa9336c20
Thread  C:\WINDOWS\explorer.exe [1980:9244]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:7820]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:6672]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:9564]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:404]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:8380]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:8300]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:9520]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:7908]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:4008]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:7136]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:9956]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:1428]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:6960]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:10184]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:8816]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:6268]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:9636]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:416]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:5504]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:9764]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:8504]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:1132]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:5900]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:2624]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3076]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3784]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:9540]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3520]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3440]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3188]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:5748]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:5656]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:2304]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:6328]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:6184]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:8052]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3804]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:8008]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:1820]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3996]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3664]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3436]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3488]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3872]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:3860]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [1980:4064]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:1868]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:3972]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:9300]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:8752]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:6532]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:9876]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:6480]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:7408]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:9856]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:5488]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:4292]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:8684]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:5516]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:8596]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:4444]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:3764]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:9644]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:1356]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:2580]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:1188]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:9236]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:9088]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:2904]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:5976]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:7712]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:4500]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:176]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:6136]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:5716]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:8716]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:5296]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:8116]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:6576]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:8688]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:4168]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:9924]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:2200]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:6372]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:10068]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:9608]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:1944]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:8620]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:6444]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:7988]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:6860]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:7328]  00007ffba9c420e0
Thread  C:\WINDOWS\explorer.exe [9768:9900]  00007ffba9c420e0
---- Services - GMER 2.2 ----

Service  system32\drivers\aswbidsdrivera.sys (*** hidden *** )  [SYSTEM] aswbidsdriver  <-- ROOTKIT !!!
Service  system32\drivers\aswbidsha.sys (*** hidden *** )  [BOOT] aswbidsh  <-- ROOTKIT !!!
Service  system32\drivers\aswbloga.sys (*** hidden *** )  [BOOT] aswblog  <-- ROOTKIT !!!
Service  system32\drivers\aswbuniva.sys (*** hidden *** )  [BOOT] aswbuniv  <-- ROOTKIT !!!
Service  system32\drivers\aswHwid.sys (*** hidden *** )  [MANUAL] aswHwid  <-- ROOTKIT !!!
Service  system32\drivers\aswKbd.sys (*** hidden *** )  [SYSTEM] aswKbd  <-- ROOTKIT !!!
Service  system32\drivers\aswMonFlt.sys (*** hidden *** )  [AUTO] aswMonFlt  <-- ROOTKIT !!!
Service  system32\drivers\aswRdr2.sys (*** hidden *** )  [SYSTEM] aswRdr  <-- ROOTKIT !!!
Service  system32\drivers\aswRvrt.sys (*** hidden *** )  [BOOT] aswRvrt  <-- ROOTKIT !!!
Service  system32\drivers\aswSnx.sys (*** hidden *** )  [SYSTEM] aswSnx  <-- ROOTKIT !!!
Service  system32\drivers\aswSP.sys (*** hidden *** )  [SYSTEM] aswSP  <-- ROOTKIT !!!
Service  system32\drivers\aswStm.sys (*** hidden *** )  [AUTO] aswStm  <-- ROOTKIT !!!
Service  system32\drivers\aswVmm.sys (*** hidden *** )  [BOOT] aswVmm  <-- ROOTKIT !!!
Service  C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** )  [AUTO] avast! Antivirus  <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\drivers\WdBoot.sys (*** hidden *** )  [MANUAL] WdBoot  <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\drivers\WdFilter.sys (*** hidden *** )  [MANUAL] WdFilter  <-- ROOTKIT !!!
Service  C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden *** )  [MANUAL] WinDefend  <-- ROOTKIT !!!
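GMER prints "(*** hidden *** ) ... <-- ROOTKIT !!!" for a service whose registry key its kernel driver can read but which the normal user-mode enumeration does not return. Self-protecting anti-malware does exactly that to its own keys, and every flagged entry above points at an Avast (asw*, AvastSvc.exe) or Windows Defender (WdBoot, WdFilter, MsMpEng.exe) path, so these lines are leads to verify rather than a verdict. The editor-added script below (not GMER code, not part of the log) performs the verification a practitioner would want before deciding either way: for each flagged service it records whether the key and the Service Control Manager can see it, then checks the Authenticode signature of the image the log names and whether the signer is the vendor the path implies. The $Flagged table is hand-transcribed from the Services section; the expected-signer map is an assumption about vendor naming. It assumes Windows PowerShell 5.1 or later run elevated on the host that produced the log.

```powershell
# Added triage example (editor-supplied; not GMER code and not part of the log above).
# Assumes Windows PowerShell 5.1+, run elevated on the host that produced the log.
# $Flagged is hand-transcribed from the Services section: service name -> ImagePath as printed.

$Flagged = [ordered]@{
    'aswbidsdriver'    = 'system32\drivers\aswbidsdrivera.sys'
    'aswbidsh'         = 'system32\drivers\aswbidsha.sys'
    'aswblog'          = 'system32\drivers\aswbloga.sys'
    'aswbuniv'         = 'system32\drivers\aswbuniva.sys'
    'aswHwid'          = 'system32\drivers\aswHwid.sys'
    'aswKbd'           = 'system32\drivers\aswKbd.sys'
    'aswMonFlt'        = 'system32\drivers\aswMonFlt.sys'
    'aswRdr'           = 'system32\drivers\aswRdr2.sys'
    'aswRvrt'          = 'system32\drivers\aswRvrt.sys'
    'aswSnx'           = 'system32\drivers\aswSnx.sys'
    'aswSP'            = 'system32\drivers\aswSP.sys'
    'aswStm'           = 'system32\drivers\aswStm.sys'
    'aswVmm'           = 'system32\drivers\aswVmm.sys'
    'avast! Antivirus' = 'C:\Program Files\AVAST Software\Avast\AvastSvc.exe'
    'WdBoot'           = 'C:\WINDOWS\system32\drivers\WdBoot.sys'
    'WdFilter'         = 'C:\WINDOWS\system32\drivers\WdFilter.sys'
    'WinDefend'        = 'C:\Program Files (x86)\Windows Defender\MsMpEng.exe'
}

# Signer substring expected for each file-name prefix (assumption: the vendor the path implies).
$ExpectedSigner = @{ 'asw' = 'AVAST'; 'Avast' = 'AVAST'; 'Wd' = 'Microsoft'; 'MsMp' = 'Microsoft' }

function ConvertTo-Win32Path {
    # Normalise the NT-style ImagePath forms GMER prints into a path the file APIs accept.
    param([string]$ImagePath)
    $p = $ImagePath.Trim().Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                    # \??\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot   # \SystemRoot\... -> C:\WINDOWS\...
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }   # bare driver paths
    if ($p -match '^(.*?\.(exe|sys|dll))') { $p = $Matches[1] }         # drop service arguments
    return $p
}

function Test-FlaggedService {
    param([string]$Name, [string]$ImagePath)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    # Self-protecting AV commonly denies user-mode access to its own keys; that is the
    # discrepancy GMER's kernel-side enumeration reported as "hidden". Record both views.
    $regSeen = [bool](Test-Path -LiteralPath $key -ErrorAction SilentlyContinue)
    # Win32_BaseService covers both Win32 services and kernel drivers.
    $scmSeen = $null -ne (Get-CimInstance -ClassName Win32_BaseService `
        -Filter ("Name='{0}'" -f ($Name -replace "'", "''")) -ErrorAction SilentlyContinue)

    $image = ConvertTo-Win32Path $ImagePath
    $status = 'FileMissing'; $signer = ''
    if (Test-Path -LiteralPath $image) {
        # Authenticode check; on Windows 8+ this also consults the system catalogs,
        # which is how in-box Microsoft drivers such as WdFilter.sys are signed.
        $sig = Get-AuthenticodeSignature -LiteralPath $image
        $status = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    $leaf   = Split-Path -Leaf $image
    $prefix = $ExpectedSigner.Keys |
        Where-Object { $leaf.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) } |
        Select-Object -First 1
    $vendorOk = ($null -ne $prefix) -and ($signer -like "*$($ExpectedSigner[$prefix])*")

    [pscustomobject]@{
        Service     = $Name
        InRegistry  = $regSeen
        SeenBySCM   = $scmSeen
        ImagePath   = $image
        Signature   = $status
        VendorMatch = [bool]$vendorOk
        Signer      = $signer
    }
}

$results = foreach ($e in $Flagged.GetEnumerator()) { Test-FlaggedService -Name $e.Key -ImagePath $e.Value }
$results | Format-Table -AutoSize

# A hidden entry whose file is missing, unsigned, tampered (HashMismatch) or signed by an
# unexpected vendor is the case to escalate; a hidden but validly signed AV component is not.
$suspect = $results | Where-Object { $_.Signature -ne 'Valid' -or -not $_.VendorMatch }
if ($suspect) { Write-Warning 'Entries needing manual review:'; $suspect | Format-Table -AutoSize }
```

A valid vendor signature is a strong signal, not proof: stolen certificates and signed-but-vulnerable drivers exist, so for anything that still looks odd (for example WinDefend's image path under Program Files (x86) on an x64 install, as printed in this log) compare the file hash against a second source before closing the finding.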
---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  \??\C:\Program Files (x86)\Google\Chrome??\??\C:\WINDOWS\system32\spool\PRTPROCS\x64\2_hpfpp101.dll??\??\C:\ProgramData\~0\WinThrusterSetup.exe??\??\C:\ProgramData\~0\mia.lib??\??\C:\ProgramData\~0\??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\Instup.dll??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\instup.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\aswOfferTool.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\avBugReport.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\AvDump32.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\AvDump64.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\HTMLayout.dll??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\Instup.dll??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\instup.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\??\??\C:\WINDOWS\sy
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed  -1789670019
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@Type  16
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@Start  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@ImagePath  "C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@DisplayName  aswbIDSAgent
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@ObjectName  LocalSystem
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@FailureActions  0x80 0x51 0x01 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@Description  Provides Identity Protection Against Cyber Crime.
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@Type  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@Start  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@ImagePath  \SystemRoot\system32\drivers\aswbidsdrivera.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@DisplayName  aswbidsdriver
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver\Parameters@ProgramFolder  \??\C:\Program Files\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver\Parameters@DataFolder  \??\C:\ProgramData\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@Type  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@ImagePath  \SystemRoot\system32\drivers\aswbidsha.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@DisplayName  aswbidsh
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters@ProgramFolder  \??\C:\Program Files\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters@DataFolder  \??\C:\ProgramData\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters@Reboot  20
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog@Type  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog@ImagePath  \SystemRoot\system32\drivers\aswbloga.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog@DisplayName  aswblog
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters@ProgramFolder  \??\C:\Program Files\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters@DataFolder  \??\C:\ProgramData\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters@LogDir  \??\C:\ProgramData\AVAST Software\Avast\log
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters@ConfigDir  \??\C:\ProgramData\AVAST Software\Avast\cfg
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters@NotifyDrivers  \Device\AvaswIDSErHr?\Device\aswIDS_Ioc2?\Device\AvaswUniv?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswblog
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@Type  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@ImagePath  \SystemRoot\system32\drivers\aswbuniva.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@DisplayName  aswbuniv
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv\Parameters@ProgramFolder  \??\C:\Program Files\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv\Parameters@DataFolder  \??\C:\ProgramData\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswHwid
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswHwid@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswHwid@Start  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswHwid@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswHwid@ImagePath  \SystemRoot\system32\drivers\aswHwid.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswHwid@DisplayName  aswHwid
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswHwid
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswKbd
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Start  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Tag  6
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@ImagePath  \SystemRoot\system32\drivers\aswKbd.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@DisplayName  aswKbd
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Group  Keyboard Port
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswKbd
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Type  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath  \SystemRoot\system32\drivers\aswMonFlt.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DisplayName  aswMonFlt
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Group  FSFilter Anti-Virus
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DependOnService  FltMgr?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances@DefaultInstance  aswMonFlt Instance
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Altitude  320700
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Flags  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath  \SystemRoot\system32\drivers\aswRdr2.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DisplayName  aswRdr
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Group  PNP_TDI
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DependOnService  tcpip?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRdr
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ImagePath  \SystemRoot\system32\drivers\aswRvrt.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@DisplayName  aswRvrt
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Group  Extended Base
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot  \??\C:\WINDOWS
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@TickCounter  617474
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter  11
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@ImproperShutdown  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\148932779490604
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\148932779490604@  Package
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\148932779490604@BootTimeout  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\148932779490604@TickTimeout  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\148932779490604@CreationTime  0x00 0xA9 0x8C 0x52 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\148932779490604@SetupOperations  DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.148932779490604")?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473111402288 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473111402288@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473111402288@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473111402288@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473111402288@CreationTime 0xA1 0xA3 0x62 0xEF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473111402288@SetupOperations ???K?????K?K?K??????????????? ???????K???????????@???????? ??????????????????????????K???~??Commited??????P??J???K?????????????????t?????????????m?????t\A???????K???r??????t\??????Ne???????L???.???????s??? ???????J?????K?????K?"????????V?0?????? ???????????.??4????K?K?K?K?K?K?K???????????d??te???????????a????????????P??K????????h??y??\SystemRoot\system32\drivers\aswSnx.sys?ys???????????K?????????e? ??aswSnx?y?y????0??K??????????FSFilter Virtualization??????????K???d???????e??FltMgr???y??? ???????K?????K?????K?"???????? ????????????????? ??K??????????????aswSnx Instance??????K?????K???K????? ???????K???????????K?"?????????????????????e???????K???8??????137600?y?y???K?K?????????????d??s??????K????? ???????K???????????K?"????????T??? ???????????? T??K???y??????????\??\C:\Program Files\AVAST Software\Avast????K?K????? P??K???d?????y?y??\??\C:\ProgramData\AVAST Software\Avast?????? 
???????J?????K?????K?"????????T?1??????????????????d??ve???K?K?K?K?K?K?K???????????s??ty???????????d???????z????N??K????????h??|??\Sy Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473111402288@FailedOperations C0000034 MoveFile("\??\C:\Program Files\AVAST Software\Avast\asw2B89.tmp","\??\C:\Program Files\AVAST Software\Avast\aswSZB.dll",TRUE)?C0000034 MoveFile("\??\C:\Program Files\AVAST Software\Avast\Aav5F8B.tmp","\??\C:\Program Files\AVAST Software\Avast\Aavm4h.dll",TRUE)?C0000034 MoveFile("\??\C:\Program Files\AVAST Software\Avast\Ava811F.tmp","\??\C:\Program Files\AVAST Software\Avast\AvastUI.exe",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473111402288@StartBootCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473111402288@StartTickCounter 541628 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473809842288 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473809842288@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473809842288@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473809842288@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473809842288@CreationTime 0x2F 0x3E 0xA7 0x18 ... 
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473809842288@SetupOperations  MoveFile("\??\C:\Program Files\AVAST Software\Avast\afw2175.tmp","\??\C:\Program Files\AVAST Software\Avast\afwServ.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\afw2196.tmp","\??\C:\Program Files\AVAST Software\Avast\afwCore.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\afw21B6.tmp","\??\C:\Program Files\AVAST Software\Avast\afwCoreClient.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\afw21C7.tmp","\??\C:\Program Files\AVAST Software\Avast\afwCoreServ.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\afw21F6.tmp","\??\C:\Program Files\AVAST Software\Avast\afwGeoIP.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\afw2217.tmp","\??\C:\Program Files\AVAST Software\Avast\afwRpc.dll",TRUE)?MoveFile("\??\C:\ProgramData\AVAST Software\Avast\fw\mac2268.tmp","\??\C:\ProgramData\AVAST Software\Avast\fw\macaddr.db",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\ahR575A.tmp","\??\C:\Program Files\AVAST Software\Avast\ahResSecDns.dll
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473809842288@StartBootCounter  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14892473809842288@StartTickCounter  541628
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893277644532288
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893277644532288@  Package
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893277644532288@BootTimeout  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893277644532288@TickTimeout  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893277644532288@CreationTime  0x15 0x60 0x16 0x41 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893277644532288@SetupOperations  DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\settings-8f0.ori")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast\setup",FALSE,FALSE)?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893278105932288
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893278105932288@  Package
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893278105932288@BootTimeout  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893278105932288@TickTimeout  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893278105932288@CreationTime  0xFF 0xB5 0x74 0x5C ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14893278105932288@SetupOperations  DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\settings-8f0.ori")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast\setup",FALSE,FALSE)?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Type  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ImagePath  \SystemRoot\system32\drivers\aswSnx.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DisplayName  aswSnx
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Group  FSFilter Virtualization
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DependOnService  FltMgr?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances@DefaultInstance  aswSnx Instance
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Altitude  137600
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Flags  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@ProgramFolder  \??\C:\Program Files\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@DataFolder  \??\C:\ProgramData\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSnx
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Type  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Start  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ImagePath  \SystemRoot\system32\drivers\aswSP.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DisplayName  aswSP
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Group  FSFilter Security Enhancer
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DependOnService  FltMgr?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Instances
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Instances@DefaultInstance  aswSP Instance
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Instances\aswSP Instance
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Instances\aswSP Instance@Altitude  388401
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Instances\aswSP Instance@Flags  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFolder  \??\C:\Program Files\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@DataFolder  \??\C:\ProgramData\AVAST Software\Avast
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFilesFolder  \??\C:\Program Files
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@UsersFolder  \??\C:\Users
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@SZBProgramFolder  \??\C:\Program Files\AVAST Software\SZBrowser
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@SZBDataFolder  \??\C:\ProgramData\AVAST Software\SZBrowser
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswSP
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm@ImagePath  \SystemRoot\system32\drivers\aswStm.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm@DisplayName  aswStm
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm@Group  NDIS
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm@DependOnService  tcpip?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm\Parameters\Wdf
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm\Parameters\Wdf@WdfMajorVersion  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm\Parameters\Wdf@WdfMinorVersion  9
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswStm
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswVmm
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ImagePath  \SystemRoot\system32\drivers\aswVmm.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@DisplayName  aswVmm
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Group  Extended Base
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswVmm\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswVmm
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Type  32
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath  "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DisplayName  Avast Antivirus
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Group  ShellSvcGroup
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DependOnService  aswMonFlt?RpcSS?
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@WOW64  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ObjectName  LocalSystem
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@FailureActions  0x80 0x51 0x01 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Description  Installs and manages the Avast antivirus services on this computer, including the real-time shields, the quarantine and the task scheduler.
Reg  HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\40e23079f13e
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\40e23079f13e@7c0bc6238436  0x83 0xBF 0x7D 0x8D ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\40e23079f13e@b869c209981f  0x30 0x53 0x97 0x2D ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  7617
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{1C7A1A36-197A-4CD8-A5A3-A6FD70F63058}  v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{C6246B29-A47E-4D5E-BA90-BB8BB6363B17}  v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated  0xDA 0xD8 0x6A 0x27 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh  0xDA 0x40 0x2F 0x89 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow  0xDA 0x70 0xA6 0xC5 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WdBoot@Group  _Early-Launch
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WdBoot@ImagePath  \SystemRoot\system32\drivers\WdBoot.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WdBoot@Start  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WdBoot
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WdFilter@ImagePath  \SystemRoot\system32\drivers\WdFilter.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WdFilter@Start  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WdFilter
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WinDefend@Start  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WinDefend
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask  0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----
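The PendingFileRenameOperations value at the top of the Registry section is the one entry in this log that describes work still to be done: it is a REG_MULTI_SZ of (source, destination) pairs that the Session Manager (smss.exe) carries out early in the next boot, before the desktop, most services and the user-mode parts of any AV are running. An empty destination means "delete source"; a destination beginning with "!" means MoveFileEx was called with MOVEFILE_REPLACE_EXISTING. GMER renders each NUL separator as "?" (the trailing "?" after FltMgr and tcpip elsewhere in this log is the same artefact), so "...\Chrome??\??\C:\..." reads as: source, empty destination, next source, which makes every entry printed here a delete-at-reboot. Because the same mechanism is a well-known way to remove a security product's files or drop a payload under SYSTEM at boot, a practitioner checks it the way a Run key is checked. The editor-added decoder below is not GMER code and not part of the log; it assumes Windows PowerShell 5.1 or later. The $sample array is constructed from the first entries printed above, re-expanded into the form the registry holds.

```powershell
# Added example (editor-supplied; not GMER code and not part of the log above).
# Decodes PendingFileRenameOperations into the operations smss.exe will perform at boot.
# Assumes Windows PowerShell 5.1+; reading the live value needs no elevation.

function ConvertFrom-PendingFileRenameOperations {
    # $Value is the raw REG_MULTI_SZ: alternating source and destination strings.
    # Empty destination -> delete source; destination prefixed "!" -> MOVEFILE_REPLACE_EXISTING.
    param([string[]]$Value)
    for ($i = 0; $i -lt $Value.Count; $i += 2) {
        $src = $Value[$i]
        $dst = if ($i + 1 -lt $Value.Count) { $Value[$i + 1] } else { '' }
        $action = if ([string]::IsNullOrEmpty($dst)) { 'DELETE' }
                  elseif ($dst.StartsWith('!'))       { 'MOVE+REPLACE' }
                  else                                { 'MOVE' }
        [pscustomobject]@{
            Action      = $action
            Source      = $src -replace '^\\\?\?\\', ''                 # strip NT \??\ prefix
            Destination = $dst.TrimStart('!') -replace '^\\\?\?\\', ''
        }
    }
}

# Constructed sample: the first entries of the value as printed in the log above, re-expanded
# into MULTI_SZ form (every "??" GMER printed between two paths is source-NUL + empty-NUL).
$sample = @(
    '\??\C:\Program Files (x86)\Google\Chrome', '',
    '\??\C:\WINDOWS\system32\spool\PRTPROCS\x64\2_hpfpp101.dll', '',
    '\??\C:\ProgramData\~0\WinThrusterSetup.exe', '',
    '\??\C:\ProgramData\~0\mia.lib', '',
    '\??\C:\ProgramData\~0\', ''
)
'--- decoded sample from the log ---'
ConvertFrom-PendingFileRenameOperations $sample | Format-Table -AutoSize

# Live value on this host, if any. Entries that are not explained by a current installer or
# AV update (compare against the aswRvrt SetupOperations entries in this log) are the ones
# to investigate; they execute as SYSTEM before most defenses are up.
$smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$live = (Get-ItemProperty -LiteralPath $smKey -ErrorAction SilentlyContinue).PendingFileRenameOperations
'--- live value on this host ---'
if ($live) { ConvertFrom-PendingFileRenameOperations ([string[]]$live) | Format-Table -AutoSize }
else       { 'No PendingFileRenameOperations value is currently set.' }
```

The function deliberately works on the raw string array rather than on GMER's rendering, so it can be pointed at an exported hive or a remote registry as well as the live key; when reading from a GMER log by hand, split on the printed "?" separators and feed the resulting strings in the same alternating order.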