GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-14 10:04:23 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800BB-00CAA1 rev.17.07W17 74,53GB Running: opm4rjsp.exe; Driver: C:\Users\DAREK\AppData\Local\Temp\pxldapow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x894D259C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8F412388] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x894D302E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x894DE7F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x894DE83E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x894DE9D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x894DE760] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8F412720] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x894DE7A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x894D352C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x894D3748] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x894DE992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x894D3DE4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x894D2602] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x894D75C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8F412450] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8F4109B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x894D2668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x894D798C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x894D4874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x894DE81C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x894DE860] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x894DE9FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x894DE786] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x894D6EA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x894DE910] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x894DE7D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x894D729A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x894DE9B6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwProtectVirtualMemory [0x8F4125B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x894D4740] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x894D444E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x894D26CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x894D2734] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x894D3C5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x894D2284] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x894D245A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x894D23E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x894D3FAE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x894D4110] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x894D24E2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8F412678] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x894D3C3E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8F4109E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x894D279A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwWriteVirtualMemory [0x8F4124FC] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F42BBA0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E4AA09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E841F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E8B220 4 Bytes [9C, 25, 4D, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E8B248 4 Bytes [88, 23, 41, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E8B2A8 4 Bytes [2E, 30, 4D, 89] {XOR [CS:EBP-0x77], CL} .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E8B2FC 8 Bytes [F2, E7, 4D, 89, 3E, E8, 4D, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E8B308 4 Bytes [D8, E9, 4D, 89] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83018D3D 5 Bytes JMP 8F428A3A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 83031380 5 Bytes JMP 8F42A56C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830464DF 4 Bytes CALL 894D4F37 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83060333 4 Bytes CALL 894D4F4D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 830EA224 7 Bytes JMP 8F42BBA4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90216000, 0x2BFBF0, 0xE8000020] .text kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[348] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[400] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[436] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text ... .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1432] USER32.dll!GetWindowInfo 76E14B5E 5 Bytes JMP 56FEE50D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1432] USER32.dll!ToUnicodeEx + 71 76E22223 7 Bytes JMP 56FEE9FB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1452] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1528] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1568] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1576] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1812] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text ... 
.text C:\Program Files\Mozilla Firefox\firefox.exe[3572] ntdll.dll!LdrUnloadDll 76FFC86E 5 Bytes JMP 000E03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] ntdll.dll!LdrLoadDll 7700223E 5 Bytes JMP 56E16D70 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 76D0941E 7 Bytes JMP 5716D713 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] KERNEL32.dll!QueryPerformanceCounter + 13 76D0C435 7 Bytes JMP 5716D736 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] KERNEL32.dll!LoadAppInitDlls + 355 76D0F4F6 7 Bytes JMP 56E31C62 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] KERNEL32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] USER32.dll!UnhookWindowsHookEx 76E0ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] USER32.dll!UnhookWinEvent 76E0B750 5 Bytes JMP 000F03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] USER32.dll!SetWindowsHookExW 76E0E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] USER32.dll!SetWinEventHook 76E124DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] USER32.dll!SetWindowsHookExA 76E36D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Mozilla Firefox\firefox.exe[3572] GDI32.dll!GetViewportOrgEx + 26C 761B884B 7 Bytes JMP 5716D694 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\system32\wuauclt.exe[3684] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[3884] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text 
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4336] KERNEL32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[4376] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtCreateFile + 6 76FE55CE 4 Bytes [28, 30, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtCreateFile + B 76FE55D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtCreateKey + 6 76FE560E 4 Bytes [68, 31, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtCreateKey + B 76FE5613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtCreateMutant + 6 76FE564E 4 Bytes [68, 32, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtCreateMutant + B 76FE5653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtCreateSection + 6 76FE56EE 4 Bytes [A8, 32, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtCreateSection + B 76FE56F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 4 Bytes CALL 75FE6367 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtMapViewOfSection + B 76FE5C33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenFile + 6 76FE5CDE 4 Bytes [68, 30, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenFile + B 76FE5CE3 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenKey + 6 76FE5D0E 4 Bytes [A8, 31, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenKey + B 76FE5D13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenKeyEx + 6 76FE5D1E 4 Bytes CALL 75FE6454 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenKeyEx + B 76FE5D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenMutant + 6 76FE5D5E 4 Bytes [28, 32, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenMutant + B 76FE5D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenProcess + 6 76FE5D8E 4 Bytes [68, 33, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenProcess + B 76FE5D93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenProcessToken + 6 76FE5D9E 4 Bytes [A8, 33, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenProcessToken + B 76FE5DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5DAE 4 Bytes [68, 34, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenProcessTokenEx + B 76FE5DB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenSection + 6 76FE5DCE 4 Bytes CALL 75FE6505 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenSection + B 76FE5DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenThread + 6 76FE5E0E 4 Bytes [28, 33, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenThread + B 76FE5E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenThreadToken + 6 76FE5E1E 4 Bytes [28, 34, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenThreadToken + B 76FE5E23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5E2E 4 Bytes [A8, 34, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtOpenThreadTokenEx + B 76FE5E33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtQueryAttributesFile + 6 76FE5F3E 4 Bytes [A8, 30, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtQueryAttributesFile + B 76FE5F43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5FEE 4 Bytes CALL 75FE6723 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtQueryFullAttributesFile + B 76FE5FF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtSetInformationFile + 6 76FE663E 4 Bytes [28, 31, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtSetInformationFile + B 76FE6643 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtSetInformationThread + 6 76FE669E 4 Bytes CALL 75FE6DD6 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtSetInformationThread + B 76FE66A3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 4 Bytes [28, 35, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ntdll.dll!NtUnmapViewOfSection + B 76FE69C3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] kernel32.dll!CreateProcessW 76CC204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] kernel32.dll!CreateProcessA 76CC2082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!ActivateKeyboardLayout 76E08203 5 Bytes JMP 002304F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!ScreenToClient 76E0A506 7 Bytes JMP 00230670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!RegisterClipboardFormatA 76E0C091 5 Bytes JMP 002302F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!RegisterClipboardFormatW 76E0DF8D 5 Bytes JMP 002302B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!SetCursor 76E13075 5 Bytes JMP 00230530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!MonitorFromWindow 76E13622 7 Bytes JMP 00230630 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!PostMessageW 76E1447B 5 Bytes JMP 002305F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!IsWindowVisible 76E14D69 7 Bytes JMP 002306B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetClientRect 76E154DD 7 Bytes JMP 002305B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!MapWindowPoints 76E15CAA 5 Bytes JMP 00230570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetParent 76E16029 7 Bytes JMP 002306F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!EmptyClipboard 76E2290C 5 Bytes JMP 00230130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!SetClipboardData 76E22962 5 Bytes JMP 00230170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetClipboardData 76E22BA7 5 Bytes JMP 00230030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetClipboardFormatNameW 76E25FD2 5 Bytes JMP 00230230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!SetClipboardViewer 76E26FF6 5 Bytes JMP 002304B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetClipboardFormatNameA 76E2700A 5 Bytes JMP 00230270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!ChangeClipboardChain 76E3147C 5 Bytes JMP 00230430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetTopWindow 76E324D9 7 Bytes JMP 00230730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!CloseClipboard 76E3446C 5 Bytes JMP 002300B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!OpenClipboard 76E3447E 5 Bytes JMP 00230070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!IsClipboardFormatAvailable 76E344FF 5 Bytes JMP 002300F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetClipboardSequenceNumber 76E34513 5 Bytes JMP 00230330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetClipboardOwner 76E34525 5 Bytes JMP 00230370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!CountClipboardFormats 76E3470A 5 Bytes JMP 002301F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!EnumClipboardFormats 76E347EC 5 Bytes JMP 002301B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetOpenClipboardWindow 76E3480B 5 Bytes JMP 002303F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!SetCursorPos 76E4C1B0 5 Bytes JMP 00230770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetClipboardViewer 76E64AF7 5 Bytes JMP 00230470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] user32.DLL!GetPriorityClipboardFormat 76E64BF9 5 Bytes JMP 002303B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!DeleteObject 761B5F14 5 Bytes JMP 002401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SelectObject 761B6640 5 Bytes JMP 002405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SetTextColor 761B6906 5 Bytes JMP 00240A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SetBkMode 761B69B1 5 Bytes JMP 002408F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!DeleteDC 761B6EAA 5 Bytes JMP 00240170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetDeviceCaps 761B6F7F 5 Bytes JMP 002403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!ExtSelectClipRgn 761B7114 5 Bytes JMP 002402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SelectClipRgn 761B7242 5 Bytes JMP 002405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SetStretchBltMode 761B7705 5 Bytes JMP 002406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetCurrentObject 761B7917 5 Bytes JMP 00240370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetTextMetricsW 761B7B8F 5 Bytes JMP 00240E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetTextAlign 761B7DAF 5 Bytes JMP 00240D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!IntersectClipRect 761B7DFE 5 Bytes JMP 002403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!ExtTextOutW 761B8192 5 Bytes JMP 00240970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SetTextAlign 761B828E 5 Bytes JMP 002409F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetClipBox 761B8525 5 Bytes JMP 00240330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!MoveToEx 761B8C21 5 Bytes JMP 00240470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!StretchDIBits 761BA53E 5 Bytes JMP 00240770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!RestoreDC 
761BA67B 5 Bytes JMP 00240530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SaveDC 761BA74B 5 Bytes JMP 00240570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetTextExtentPoint32W 761BB4B5 5 Bytes JMP 00240670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetTextFaceW 761BB73A 2 Bytes JMP 00240D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetTextFaceW + 3 761BB73D 2 Bytes [08, 8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetFontData 761BBCC4 5 Bytes JMP 00240C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SetWorldTransform 761BC90A 5 Bytes JMP 002406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!CreateDCA 761BCCA9 5 Bytes JMP 002400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!CreateDCW 761BCF79 5 Bytes JMP 002400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!CreateICW 761BCFD0 5 Bytes JMP 00240130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetTextMetricsA 761BD0F2 5 Bytes JMP 00240DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!Rectangle 761BF1FF 5 Bytes JMP 002409B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!LineTo 761BF59B 5 Bytes JMP 00240430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SetICMMode 761BFAA4 5 Bytes JMP 00240DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!ExtTextOutA 761C03F9 5 Bytes JMP 00240930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] 
GDI32.dll!GetTextExtentPoint32A 761C07B0 5 Bytes JMP 00240630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!ExtEscape 761C2949 5 Bytes JMP 002402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!Escape 761C3939 5 Bytes JMP 00240270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetTextFaceA 761C3E6A 5 Bytes JMP 00240CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SetPolyFillMode 761CD851 5 Bytes JMP 00240B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SetMiterLimit 761CDA0D 5 Bytes JMP 00240B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!EndPage 761D00D7 5 Bytes JMP 00240230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!ResetDCW 761D050D 5 Bytes JMP 00240AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!GetGlyphOutlineW 761DC1BA 5 Bytes JMP 00240CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!CreateScalableFontResourceW 761DE817 5 Bytes JMP 00240BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!AddFontResourceW 761DEC13 5 Bytes JMP 00240BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!RemoveFontResourceW 761DF109 5 Bytes JMP 00240C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!AbortDoc 761E4C63 5 Bytes JMP 00240030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!EndDoc 761E50AA 5 Bytes JMP 002401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!StartPage 761E5195 5 Bytes JMP 00240730 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!StartDocW 761E5BB0 5 Bytes JMP 002407F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!BeginPath 761E635D 5 Bytes JMP 00240830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!SelectClipPath 761E63B4 5 Bytes JMP 00240AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!CloseFigure 761E640F 5 Bytes JMP 00240070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!EndPath 761E6466 5 Bytes JMP 00240A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!StrokePath 761E6699 5 Bytes JMP 002407B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!FillPath 761E6726 5 Bytes JMP 00240870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!PolylineTo 761E6B94 5 Bytes JMP 002404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!PolyBezierTo 761E6C25 5 Bytes JMP 002404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] GDI32.dll!PolyDraw 761E6CD7 5 Bytes JMP 002408B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ole32.dll!OleSetClipboard 76770045 5 Bytes JMP 00360030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ole32.dll!OleIsCurrentClipboard 767736B2 5 Bytes JMP 00360070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] ole32.dll!OleGetClipboard 7679FDCD 5 Bytes JMP 003600B0 .text C:\Users\DAREK\Downloads\OTL.exe[5368] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] .text C:\Windows\system32\DllHost.exe[5992] kernel32.dll!GetBinaryTypeW + 70 76D269F4 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\AVAST 
Software\Avast\AvastSvc.exe[1452] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72DCFC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\afwServ.exe[1568] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72DCFC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2372] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72DCFC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00080090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00230790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 002307D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00080090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5260] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00080090 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381 0 bytes File C:\avast! 
sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a20-686f-11e2-8573-001bfc0859ee} 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a20-686f-11e2-8573-001bfc0859ee}\C 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a20-686f-11e2-8573-001bfc0859ee}\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a20-686f-11e2-8573-001bfc0859ee}\C\Users\DAREK 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a20-686f-11e2-8573-001bfc0859ee}\C\Users\DAREK\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a20-686f-11e2-8573-001bfc0859ee}\C\Users\DAREK\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a20-686f-11e2-8573-001bfc0859ee}\C\Users\DAREK\AppData\Roaming\.minecraft 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a20-686f-11e2-8573-001bfc0859ee}\C\Users\DAREK\AppData\Roaming\.minecraft\resources 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a37-686f-11e2-8573-001bfc0859ee} 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a37-686f-11e2-8573-001bfc0859ee}\C 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a37-686f-11e2-8573-001bfc0859ee}\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a37-686f-11e2-8573-001bfc0859ee}\C\Users\DAREK 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a37-686f-11e2-8573-001bfc0859ee}\C\Users\DAREK\AppData 0 bytes File C:\avast! 
sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a37-686f-11e2-8573-001bfc0859ee}\C\Users\DAREK\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a37-686f-11e2-8573-001bfc0859ee}\C\Users\DAREK\AppData\Roaming\.minecraft 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\r381\Uninstall.exe_{72274a37-686f-11e2-8573-001bfc0859ee}\C\Users\DAREK\AppData\Roaming\.minecraft\resources 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Program Files 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Program Files\AVAST Software 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Program Files\AVAST Software\Avast 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Program Files\AVAST Software\Avast\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt 5 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Network Action Predictor 3072 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Archived History 53248 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Bookmarks 779 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Cookies 7168 bytes File C:\avast! 
sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Current Session 545 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Current Tabs 8 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Favicons 16384 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\History 86016 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\History Provider Cache 11 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\JumpListIcons 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\JumpListIconsOld 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Preferences 5074 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\User StyleSheets 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Default\Web Data 75776 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Local State 1920 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\PepperFlash 0 bytes File C:\avast! 
sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Safe Browsing Bloom 1895000 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Safe Browsing Bloom Filter 2 781418 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Safe Browsing Csd Whitelist 134612 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Safe Browsing Download 1384428 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\sfzone_profile\Safe Browsing Download Whitelist 19852 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users\DAREK 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users\DAREK\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users\DAREK\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users\DAREK\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users\DAREK\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users\DAREK\AppData\Roaming\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users\DAREK\AppData\Roaming\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users\DAREK\AppData\Roaming\Microsoft\Windows\Recent 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users\DAREK\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations 0 bytes File C:\avast! 
sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Users\DAREK\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d8b393b9387fc13c.customDestinations-ms 6306 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Windows\Prefetch 0 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\C\Windows\Prefetch\CTFMON.EXE-AF4187A6.pf 26054 bytes File C:\avast! sandbox\S-1-5-21-303203307-493594314-157293843-1001\sfzone\snx_fs.dat 7002 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 37888 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{5c806540-957a-11e2-877e-001bfc0859ee}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{5c806540-957a-11e2-877e-001bfc0859ee}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{5c806540-957a-11e2-877e-001bfc0859ee}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 2.1 ----