GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-08 23:55:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000070 TOSHIBA_ rev.GT00 298,09GB
Running: 3x7qy4bs.exe; Driver: C:\Users\radek\AppData\Local\Temp\ugddrkow.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62]
.text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62]
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe[1304] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[3068] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62]
.text C:\Windows\system32\taskhost.exe[2132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62]
.text C:\Windows\Explorer.EXE[2444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[852] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62]
.text C:\Program Files (x86)\USB TV\EM28XX\BDARemote.exe[2680] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007642a2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007642a2fd 1 byte [62]
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe[1784] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007642a2fd 1 byte [62]
.text C:\Program Files\CCleaner\CCleaner64.exe[2000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62]
.text F:\programy do logów\3x7qy4bs.exe[2420] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007642a2fd 1 byte [62]

---- Services - GMER 2.1 ----

Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk@Tag 3
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk@Description Avast! Mini-filter Driver
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet001\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet001\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet001\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet001\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet001\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet001\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\services\aswRvrt@DisplayName avast! Revert
Reg HKLM\SYSTEM\ControlSet001\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\aswRvrt\Parameters@BootCounter 18
Reg HKLM\SYSTEM\ControlSet001\services\aswRvrt\Parameters@TickCounter 24603
Reg HKLM\SYSTEM\ControlSet001\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet001\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet001\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet001\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet001\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet001\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys
Reg HKLM\SYSTEM\ControlSet001\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet001\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet001\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\aswSP\Parameters@BehavShield 0
Reg HKLM\SYSTEM\ControlSet001\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet001\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet001\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files
Reg HKLM\SYSTEM\ControlSet001\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet001\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet001\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet001\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\services\aswTdi@Tag 11
Reg HKLM\SYSTEM\ControlSet001\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys
Reg HKLM\SYSTEM\ControlSet001\services\aswTdi@DisplayName aswTdi
Reg HKLM\SYSTEM\ControlSet001\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet001\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet001\services\aswTdi@Description aswTdi
Reg HKLM\SYSTEM\ControlSet001\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet001\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet001\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\services\aswVmm@DisplayName avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet001\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet001\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@Type 288
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?.
Reg HKLM\SYSTEM\ControlSet001\services\avast! Antivirus\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 3
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 26
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 30481
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 11
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Tag 3
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Description Avast! Mini-filter Driver
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@DisplayName avast! Revert
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@BootCounter 26
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@TickCounter 30481
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@BehavShield 0
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Tag 11
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@DisplayName aswTdi
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Description aswTdi
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@DisplayName avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Type 288
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?.
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus\Parameters (not active ControlSet)

---- EOF - GMER 2.1 ----