GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-22 14:52:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB
Running: jhnmqgsg.exe; Driver: C:\Users\pc\AppData\Local\Temp\uglcraoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\AVAST Software\Avast\avastui.exe[2708] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076578769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077511401 2 bytes JMP 7659b1ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077511419 2 bytes JMP 7659b31a C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077511431 2 bytes JMP 76618f09 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007751144a 2 bytes CALL 76574885 C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775114dd 2 bytes JMP 76618802 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775114f5 2 bytes JMP 766189d8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007751150d 2 bytes JMP 766186f8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077511525 2 bytes JMP 76618ac2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007751153d 2 bytes JMP 7658fc78 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077511555 2 bytes JMP 765968bf C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007751156d 2 bytes JMP 76618fc1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077511585 2 bytes JMP 76618b22 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007751159d 2 bytes JMP 766186bc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775115b5 2 bytes JMP 7658fd11 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775115cd 2 bytes JMP 7659b2b0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775116b2 2 bytes JMP 76618e84 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4848] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775116bd 2 bytes JMP 76618651 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076578769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077511401 2 bytes JMP 7659b1ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077511419 2 bytes JMP 7659b31a C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077511431 2 bytes JMP 76618f09 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007751144a 2 bytes CALL 76574885 C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775114dd 2 bytes JMP 76618802 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775114f5 2 bytes JMP 766189d8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007751150d 2 bytes JMP 766186f8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077511525 2 bytes JMP 76618ac2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007751153d 2 bytes JMP 7658fc78 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077511555 2 bytes JMP 765968bf C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007751156d 2 bytes JMP 76618fc1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077511585 2 bytes JMP 76618b22 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007751159d 2 bytes JMP 766186bc C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775115b5 2 bytes JMP 7658fd11 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775115cd 2 bytes JMP 7659b2b0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775116b2 2 bytes JMP 76618e84 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5460] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775116bd 2 bytes JMP 76618651 C:\windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\Dwm.exe [1548:1656] 000007fefa60f0d8
Thread C:\windows\system32\Dwm.exe [1548:1684] 000007fefa27abf0
Thread C:\windows\Explorer.EXE [1572:2096] 000007fefc166204
Thread C:\windows\Explorer.EXE [1572:2508] 000007fef7212118
Thread C:\windows\Explorer.EXE [1572:2660] 000007fefa8b2154
Thread C:\windows\Explorer.EXE [1572:3676] 000007fef3282f9c
Thread C:\windows\system32\taskhost.exe [1848:1964] 000007fefa7d1f38
Thread C:\windows\system32\taskhost.exe [1848:2204] 000007fef7981010
Thread C:\windows\system32\taskhost.exe [1848:2876] 000007fef8585170

---- Processes - GMER 2.1 ----

Process C:\Users\pc\AppData\Local\Temp\Rar$EXa0.402\jhnmqgsg.exe (*** suspicious ***) @ C:\Users\pc\AppData\Local\Temp\Rar$EXa0.402\jhnmqgsg.exe [5408](2015-02-04 12:59:56) 0000000000400000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7AFF7B38-731B-459F-A506-AEEE0712235A}\Connection@Name isatap.{0F20381E-B6FF-450E-A9E5-EC4362ED5DBD}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{813E1C8A-1B45-47B2-82ED-FCB42B04CD62}?\Device\{F4F13C20-B384-47DB-9C6E-663023D65796}?\Device\{4B1C8A49-F410-4ABD-8AD4-2CA608B04F00}?\Device\{7AFF7B38-731B-459F-A506-AEEE0712235A}?\Device\{5BB7BC30-0C99-4B07-AE05-E008EAE6E221}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{813E1C8A-1B45-47B2-82ED-FCB42B04CD62}"?"{F4F13C20-B384-47DB-9C6E-663023D65796}"?"{4B1C8A49-F410-4ABD-8AD4-2CA608B04F00}"?"{7AFF7B38-731B-459F-A506-AEEE0712235A}"?"{5BB7BC30-0C99-4B07-AE05-E008EAE6E221}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{813E1C8A-1B45-47B2-82ED-FCB42B04CD62}?\Device\TCPIP6TUNNEL_{F4F13C20-B384-47DB-9C6E-663023D65796}?\Device\TCPIP6TUNNEL_{4B1C8A49-F410-4ABD-8AD4-2CA608B04F00}?\Device\TCPIP6TUNNEL_{7AFF7B38-731B-459F-A506-AEEE0712235A}?\Device\TCPIP6TUNNEL_{5BB7BC30-0C99-4B07-AE05-E008EAE6E221}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e8039acb1fc5
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7AFF7B38-731B-459F-A506-AEEE0712235A}@InterfaceName isatap.{0F20381E-B6FF-450E-A9E5-EC4362ED5DBD}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7AFF7B38-731B-459F-A506-AEEE0712235A}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e8039acb1fc5 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.1 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-2666340739-2498256653-3035462964-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-2666340739-2498256653-3035462964-1000\sfzone 0 bytes
File C:\avast! sandbox\S-1-5-21-2666340739-2498256653-3035462964-1000\sfzone\C 0 bytes
File C:\avast! sandbox\S-1-5-21-2666340739-2498256653-3035462964-1000\sfzone\C\sfzone_profile 0 bytes
File C:\avast! sandbox\S-1-5-21-2666340739-2498256653-3035462964-1000\sfzone\C\sfzone_profile\Default 0 bytes
File C:\avast!
sandbox\snx_rhive{be274fa7-93f4-11e4-8d3a-e46d0f296914}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{be274fa7-93f4-11e4-8d3a-e46d0f296914}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 2.1 ----