GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-27 18:52:24 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925030 rev.0001 232,89GB Running: m57g1hli.exe; Driver: C:\Users\Ana\AppData\Local\Temp\uxtiapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\services.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\lsass.exe[776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\winlogon.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1296] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1384] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1680] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Windows\system32\taskhost.exe[1888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\Dwm.exe[720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\Explorer.EXE[1324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2092] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe[2168] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2196] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] 
.text C:\Windows\System32\hkcmd.exe[2584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751a1465 2 bytes [1A, 75] .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751a14bb 2 bytes [1A, 75] .text ... * 2 .text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe[2944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files\Apoint2K\Apoint.exe[2952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[2964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\WindowsMobile\wmdc.exe[3068] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[1104] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Windows\system32\svchost.exe[3140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3168] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[3204] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 
112 0000000076e9b0c5 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3360] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\igfxext.exe[3724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\igfxsrvc.exe[3752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[3796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe[3860] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3916] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751a1465 2 bytes [1A, 75] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751a14bb 2 bytes [1A, 75] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751a1465 2 bytes [1A, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751a14bb 2 bytes [1A, 75] .text ... * 2 .text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2344] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751a1465 2 bytes [1A, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751a14bb 2 bytes [1A, 75] .text ... 
* 2 .text C:\Windows\system32\svchost.exe[3836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[4128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[4340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[4400] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files\Apoint2K\Apntex.exe[4716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\system32\conhost.exe[4740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files\Apoint2K\HidFind.exe[4852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[2772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751a1465 2 bytes [1A, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751a14bb 2 bytes [1A, 75] .text ... 
* 2 .text C:\Windows\notepad.exe[1052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768f1fd 1 byte [62] .text C:\Users\Ana\Desktop\m57g1hli.exe[3828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e9b0c5 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2000:2116] 000007fef18d9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 13 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 498404 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! 
VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? 
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 13 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 498404 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. ---- EOF - GMER 2.1 ----