GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-07 20:08:30 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3750525AS rev.JC4B 698,64GB Running: zto52ekr.exe; Driver: C:\Users\p\AppData\Local\Temp\axloyuog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb6000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002fb6011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\services.exe[976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[1008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1052] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1388] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\ProgramData\IePluginService\PluginService.exe[1796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\ProgramData\IePluginService\PluginService.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\ProgramData\IePluginService\PluginService.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\ProgramData\WPM\wprotectmanager.exe[1840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\ProgramData\WPM\wprotectmanager.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\ProgramData\WPM\wprotectmanager.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Windows\System32\spoolsv.exe[1940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Windows\Explorer.EXE[2136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[3064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2408] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2868] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Program Files\EslWire\service\WireHelperSvc.exe[2964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text D:\Smite\HiPatchService.exe[3040] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2600] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075aa8769 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe[3116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\AVG\AVG2013\avgemca.exe[3136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3764] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[3844] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3916] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\conhost.exe[4084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000747e1a22 2 bytes [7E, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000747e1ad0 2 bytes [7E, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000747e1b08 2 bytes [7E, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000747e1bba 2 bytes [7E, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000747e1bda 2 bytes [7E, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4140] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[4844] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\Tor\tor.exe[4892] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5620] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[5868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[6060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5452] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5452] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007584549c 5 bytes JMP 00000001001d0800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5452] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5452] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75] .text ... * 2 .text C:\Windows\system32\taskmgr.exe[4932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Windows\system32\SearchProtocolHost.exe[4684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7eecd 1 byte [62] .text C:\Users\p\Downloads\zto52ekr.exe[3376] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075aca2ba 1 byte [62] ---- Processes - GMER 2.1 ---- Process C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1840] (WPM Service/Cherished Technololgy LIMITED)(2 0000000000e00000 Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2136] (GG drive overlay/GG Network S.A.)(2013-02-24 18:43:05) 000000005c080000 ---- Services - GMER 2.1 ---- Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 263 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 4461382 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292744 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292744@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292744@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292744@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292744@CreationTime 0xBD 0x89 0xF1 0x7B ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292744@SetupOperations MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.1387292744","\??\c:\program files\avast software\avast\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.sum.1387292744","\??\c:\program files\avast software\avast\setup\instup.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292744@StartBootCounter 84 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292744@StartTickCounter 912567 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5A9AA945-F533-49F8-A211-D8E0CD074EFA}@LeaseObtainedTime 1396893786 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5A9AA945-F533-49F8-A211-D8E0CD074EFA}@T1 1396893913 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5A9AA945-F533-49F8-A211-D8E0CD074EFA}@T2 1396894009 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5A9AA945-F533-49F8-A211-D8E0CD074EFA}@LeaseTerminatesTime 1396894041 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 263 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 4461382 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292744 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292744@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292744@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292744@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292744@CreationTime 0xBD 0x89 0xF1 0x7B ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292744@SetupOperations MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.1387292744","\??\c:\program files\avast software\avast\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.sum.1387292744","\??\c:\program files\avast software\avast\setup\instup.dll.sum",TRUE)? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292744@StartBootCounter 84 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292744@StartTickCounter 912567 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet) ---- EOF - GMER 2.1 ----