GMER 2.2.19882 - http://www.gmer.net
3rd party scan 2021-02-06 05:40:51
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000032 INTEL_SSDSC2BW120A4 rev.DC32 111,79GB
Running: gmer.exe; Driver: C:\Users\PAVEL-~1\AppData\Local\Temp\awtdykow.sys


---- Modules - GMER 2.2 ----

Module   \SystemRoot\system32\drivers\spiderg3.sys (Dr.Web File System Monitor/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)                          fffff8076dad0000-fffff8076db2e000 (385024 bytes)
Module   \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:15)                         fffff8076db30000-fffff8076dc42000 (1122304 bytes)
Module   \SystemRoot\system32\drivers\dwdg.sys (Dr.Web device Guard for Windows/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:13)                         fffff8076dc50000-fffff8076dc97000 (290816 bytes)
Module   \SystemRoot\system32\drivers\drweblwf.sys (Dr.Web Firewall for Windows driver/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)                  fffff8076dca0000-fffff8076dd40000 (655360 bytes)
Module   \SystemRoot\System32\Drivers\dump_diskdump.sys                                                                                               fffff80766880000-fffff8076688e000 (57344 bytes)
Module   \SystemRoot\System32\drivers\dump_storahci.sys                                                                                               fffff807668d0000-fffff80766902000 (204800 bytes)
Module   \SystemRoot\System32\Drivers\dump_dumpfve.sys                                                                                                fffff80766930000-fffff8076694d000 (118784 bytes)

---- Processes - GMER 2.2 ----

Process  C:\Windows\system32\svchost.exe [1268] (Dr.Web AMSI/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)                                            00007fff48a90000
Library  C:\Program Files\DrWeb\drwamsi64.dll (Dr.Web AMSI/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)                                              00007fff48a90000
Process  C:\Windows\Explorer.EXE [1512] (Dr.Web Shell Extension/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:12)                                         00007fff509f0000
Library  C:\Program Files\DrWeb\drwsxtn64.dll (Dr.Web Shell Extension/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:12)                                   00007fff509f0000
Process  C:\Users\Pavel-BLACK PC\Desktop\gmer.exe [2996](2021-02-06 04:10:32)                                                                         0000000000400000

---- Services - GMER 2.2 ----

Service                                                                                                                                               ADOVMPPackage
Service                                                                                                                                               CoreUI
Service                                                                                                                                               iaStorAV
Service                                                                                                                                               napagent
Service                                                                                                                                               NetbiosSmb
Service                                                                                                                                               netvscvfpp
Service                                                                                                                                               RDMANDK
Service                                                                                                                                               RDPUDD
Service                                                                                                                                               workerdd
Service  C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe (Dr.Web Scanning Engine/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:42)  [MANUAL] DrWebEngine
Service  C:\Program Files\DrWeb\dwnetfilter.exe (Dr.Web Net filtering service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:10)                           [MANUAL] DrWebNetFilter
Service  C:\Program Files\DrWeb\dwservice.exe (Dr.Web Control Service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:58)                                   [AUTO] DrWebAVService
Service  C:\Windows\System32\drivers\BthA2dp.sys (Bluetooth A2DP Driver/Microsoft Corporation)(2019-12-07 09:07:47)                                   [MANUAL] BthA2dp
Service  C:\Program Files\DrWeb\frwl_svc.exe (Dr.Web Firewall for Windows service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:14)                       [MANUAL] DrWebFwSvc
Service  C:\Windows\system32\drivers\drweblwf.sys (Dr.Web Firewall for Windows driver/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)                   [BOOT] DrWebLwf
Service  C:\Windows\system32\drivers\dwdg.sys (Dr.Web device Guard for Windows/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:13)                          [BOOT] DwDevGuard
Service  C:\Windows\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:15)                          [BOOT] DwProt
Service  C:\Windows\system32\drivers\spiderg3.sys (Dr.Web File System Monitor/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)                           [BOOT] SpiderG3

---- Registry - GMER 2.2 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\BthA2dp@ImagePath                                                                                     C:\Windows\System32\drivers\BthA2dp.sys (Bluetooth A2DP Driver/Microsoft Corporation)(2019-12-07 09:07:47)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\DrWebAVService@ImagePath                                                                              C:\Program Files\DrWeb\dwservice.exe (Dr.Web Control Service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:58)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\DrWebEngine@ImagePath                                                                                 C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe (Dr.Web Scanning Engine/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:42)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\DrWebFwSvc@ImagePath                                                                                  C:\Program Files\DrWeb\frwl_svc.exe (Dr.Web Firewall for Windows service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:14)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\DrWebLwf@ImagePath                                                                                    C:\Windows\system32\drivers\drweblwf.sys (Dr.Web Firewall for Windows driver/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\DrWebNetFilter@ImagePath                                                                              C:\Program Files\DrWeb\dwnetfilter.exe (Dr.Web Net filtering service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:10)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\DwDevGuard@ImagePath                                                                                  C:\Windows\system32\drivers\dwdg.sys (Dr.Web device Guard for Windows/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:13)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\DwProt@ImagePath                                                                                      C:\Windows\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:15)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\DrWebFWSvc@EventMessageFile                                                      C:\Program Files\DrWeb\frwl_svc.exe (Dr.Web Firewall for Windows service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:14)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Doctor Web\Dr.Web Engine@EventMessageFile                                                    C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe (Dr.Web Scanning Engine/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:42)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Doctor Web\DrWebAmsi32@EventMessageFile                                                      C:\Program Files\DrWeb\drwamsi32.dll (Dr.Web AMSI/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Doctor Web\DrWebAmsi64@EventMessageFile                                                      C:\Program Files\DrWeb\drwamsi64.dll (Dr.Web AMSI/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Doctor Web\DrWebARKDaemon@EventMessageFile                                                   C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwarkdaemon.exe (Dr.Web Anti-Rootkit Server/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:42)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Doctor Web\DrWebAVService@EventMessageFile                                                   C:\Program Files\DrWeb\dwservice.exe (Dr.Web Control Service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:58)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Doctor Web\DwNetFilter@EventMessageFile                                                      C:\Program Files\DrWeb\dwnetfilter.exe (Dr.Web Net filtering service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:10)
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SpiderG3@ImagePath                                                                                    C:\Windows\system32\drivers\spiderg3.sys (Dr.Web File System Monitor/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)
Reg      HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{0A56AC17-36B3-8320-3A3C-9B74469F0756}@PRODUCTEXE                                        C:\Program Files\DrWeb\dwsewsc.exe (Dr.Web Action Center Control/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:58)
Reg      HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{0A56AC17-36B3-8320-3A3C-9B74469F0756}@REPORTINGEXE                                      C:\Program Files\DrWeb\dwservice.exe (Dr.Web Control Service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:58)
Reg      HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{326D2D32-7CDC-8278-1163-3241B84C402D}@PRODUCTEXE                                        C:\Program Files\DrWeb\dwsewsc.exe (Dr.Web Action Center Control/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:58)
Reg      HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{326D2D32-7CDC-8278-1163-3241B84C402D}@REPORTINGEXE                                      C:\Program Files\DrWeb\dwservice.exe (Dr.Web Control Service/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:58)
Reg      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@SpIDerAgent                                                                               C:\Program Files\DrWeb\spideragent.exe (SpIDer Agent for Windows/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:03)
Reg      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5352DB49-883D-4b64-8443-DA7B80C33ED5}@ModifyPath                                   C:\ProgramData\Doctor Web\Setup\drweb-win-space\win-space-setup.exe (Dr.Web Security Space setup/Doctor Web, Ltd. SIGNED)(2021-02-06 03:40:31)
Reg      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5352DB49-883D-4b64-8443-DA7B80C33ED5}@DisplayIcon                                  C:\Program Files\DrWeb\spideragent.exe (SpIDer Agent for Windows/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:03)
Reg      HKLM\SOFTWARE\Classes\CLSID\{035B18F9-A217-44d5-91C9-B682C33C1078}\InProcServer32@                                                           C:\Program Files\DrWeb\drwsxtn64.dll (Dr.Web Shell Extension/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:12)
Reg      HKLM\SOFTWARE\Classes\CLSID\{F6DF102F-4611-4BC9-8C64-742A644429BD}\InProcServer32@                                                           C:\Program Files\DrWeb\drwamsi64.dll (Dr.Web AMSI/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)
Reg      HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E7593602-124B-47C9-9F73-A69308EDC973}\InProcServer32@                                               C:\Program Files\DrWeb\drwsxtn.dll (Dr.Web Shell Extension/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:12)
Reg      HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F6DF102F-4611-4BC9-8C64-742A644429BD}\InProcServer32@                                               C:\Program Files\DrWeb\drwamsi32.dll (Dr.Web AMSI/Doctor Web, Ltd. SIGNED)(2021-02-06 03:41:11)

---- EOF - GMER 2.2 ----
