GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-24 23:50:32 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-14 ST500DM002-1BD142 rev.KC45 465,76GB Running: tfsejzdl.exe; Driver: C:\DOCUME~1\Paluch\USTAWI~1\Temp\uwliaaoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAC8A1AA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAC8A257E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xAC8E685D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xAC8AE5C8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAC8AE614] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAC8AE7AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xAC8E6211] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xAC8AE536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xAC8AE658] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAC8AE57E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xAC8A2AB4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xAC8AE768] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAC8A336C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAC8A1B06] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xAC8E6F23] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAC8E71D9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAC8A6B40] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAC8E6D8E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAC8E6BF9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xAC8A16F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xACBB77B2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAC8A1B6C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAC8A6F36] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAC8A3E54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xAC8AE5F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAC8AE636] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAC8AE7D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xAC8E656D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xAC8AE55C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xAC8A643A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xAC8AE6E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAC8AE5A6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xAC8A6822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xAC8AE78C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xACBB7556] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xAC8E6A74] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xAC8A3CC8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAC8E68C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAC8A381E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xACBC5526] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xAC8E5857] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAC8A1BD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAC8A1C38] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xAC8A31E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAC8A178C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAC8A195E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xAC8E702A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAC8A18EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAC8A3536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xAC8A3698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAC8A19E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAC8A3024] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xAC8A31C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xAC8A1C9E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAC8A25DA] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [D2, 1B, 8A, AC, 38, 1C, 8A, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [36, 35, 8A, AC, 98, 36, 8A, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL AC8A4501 \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB951A000, 0x1E2E7A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\afwServ.exe[168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[168] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\afwServ.exe[168] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[992] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe[1724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1844] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1844] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2116] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2392] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[3400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3640] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3660] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3820] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3820] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[3844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[3844] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] .text C:\Documents and Settings\Paluch\Moje dokumenty\Downloads\tfsejzdl.exe[4044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Paluch\Moje dokumenty\Downloads\tfsejzdl.exe[4044] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[1136] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[1136] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswNdis2.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Cookies 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Cookies\index.dat 32768 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Historia 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Historia\History.IE5 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Historia\History.IE5\index.dat 49152 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Temp\02406edb-f414-4aa2-997e-b5d4294e35ec.dmp 79249 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Temp\1d23e2aa-b35d-4b11-99df-ceac90b15bda.dmp 77281 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Temp\6fa7f151-2945-4b1a-99f3-4d5874333666.dmp 77411 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Temp\a37d4fe2-58cc-414c-a630-5af6bdb2c442.dmp 79079 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Temporary Internet Files 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Temporary Internet Files\Content.IE5 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Documents and Settings\Paluch\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat 212992 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Program Files 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Program Files\AVAST Software 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Program Files\AVAST Software\Avast 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Program Files\AVAST Software\Avast\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\Program Files\AVAST Software\Avast\sfzone\productid 32 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt 4 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Archived History 57344 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Archived History-journal 512 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Cache\data_2 8192 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Cache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Current Session 771 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Current Tabs 8 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Favicons-journal 512 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\History 94208 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\History Index 2014-05 36864 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\History Index 2014-05-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\History Provider Cache 3952 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\History-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Last Session 244 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Network Action Predictor 16384 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Preferences 9973 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\User StyleSheets 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Web Data 73728 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\First Run 0 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\C\sfzone_profile\Local State 1944 bytes File C:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\snx_fs.dat 8904 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG 1024 bytes File D:\avast! sandbox 0 bytes File D:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003 0 bytes File D:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone 0 bytes File D:\avast! sandbox\S-1-5-21-515967899-746137067-839522115-1003\sfzone\D 0 bytes ---- EOF - GMER 2.1 ----