GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-18 09:55:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 TOSHIBA_THNSNJ128GCSU rev.JURA0101 119,24GB Running: vvhjpe7h.exe; Driver: C:\Users\janou\AppData\Local\Temp\awddykod.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075481401 2 bytes JMP 7574b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075481419 2 bytes JMP 7574b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075481431 2 bytes JMP 757c9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007548144a 2 bytes CALL 75724885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754814dd 2 bytes JMP 757c8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754814f5 2 bytes JMP 757c8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007548150d 2 bytes JMP 757c8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075481525 2 bytes JMP 757c8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007548153d 2 bytes JMP 7573fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075481555 2 bytes JMP 75746907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007548156d 2 bytes JMP 757c9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075481585 2 bytes JMP 757c8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007548159d 2 bytes JMP 757c88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754815b5 2 bytes JMP 7573fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754815cd 2 bytes JMP 7574b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754816b2 2 bytes JMP 757c90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754816bd 2 bytes JMP 757c8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075728769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075481401 2 bytes JMP 7574b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075481419 2 bytes JMP 7574b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075481431 2 bytes JMP 757c9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007548144a 2 bytes CALL 75724885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754814dd 2 bytes JMP 757c8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754814f5 2 bytes JMP 757c8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007548150d 2 bytes JMP 757c8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075481525 2 bytes JMP 757c8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007548153d 2 bytes JMP 7573fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075481555 2 bytes JMP 75746907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007548156d 2 bytes JMP 757c9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075481585 2 bytes JMP 757c8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007548159d 2 bytes JMP 757c88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754815b5 2 bytes JMP 7573fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754815cd 2 bytes JMP 7574b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754816b2 2 bytes JMP 757c90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754816bd 2 bytes JMP 757c8891 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\wbem\wbemsvc.dll [2220] entry point in ".rdata" section 00000000741c96f0 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files\Syncovery\SyncoveryVSS.exe[2888] @ C:\Program Files\Syncovery\SyncoveryVSS.exe[kernel32.dll!RaiseException] [6bca70] C:\Program Files\Syncovery\SyncoveryVSS.exe IAT C:\Program Files\Syncovery\SyncoveryVSS.exe[2888] @ C:\Program Files\Syncovery\SyncoveryVSS.exe[kernel32.dll!RaiseException] [6bca70] C:\Program Files\Syncovery\SyncoveryVSS.exe IAT C:\Program Files\Syncovery\SyncoveryVSS.exe[2888] @ C:\Program Files\Syncovery\SyncoveryVSS.exe[kernel32.dll!RaiseException] [6bca70] C:\Program Files\Syncovery\SyncoveryVSS.exe ---- Files - GMER 2.2 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb} 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6} 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1028 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1028\mbapreq.wxl 2167 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1029 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1029\mbapreq.wxl 2600 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1030 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1030\mbapreq.wxl 2428 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1031 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1031\mbapreq.wxl 2584 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1032 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1032\mbapreq.wxl 3542 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1035 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1035\mbapreq.wxl 2377 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1036 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1036\mbapreq.wxl 2448 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1038 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1038\mbapreq.wxl 2534 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1040 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1040\mbapreq.wxl 2446 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1041 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1041\mbapreq.wxl 2687 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1042 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1042\mbapreq.wxl 2378 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1043 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1043\mbapreq.wxl 2454 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1044 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1044\mbapreq.wxl 2313 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1045 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1045\mbapreq.wxl 2510 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1046 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1046\mbapreq.wxl 2289 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1049 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1049\mbapreq.wxl 3022 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1051 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1051\mbapreq.wxl 2476 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1053 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1053\mbapreq.wxl 2274 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1055 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1055\mbapreq.wxl 2445 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1060 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\1060\mbapreq.wxl 2342 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\2052 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\2052\mbapreq.wxl 2122 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\2070 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\2070\mbapreq.wxl 2353 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\3082 0 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\3082\mbapreq.wxl 2542 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\BootstrapperApplicationData.xml 6904 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\BootstrapperCore.config 901 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\BootstrapperCore.dll 81920 bytes executable File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\mbahost.dll 112128 bytes executable File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\mbapreq.dll 175616 bytes executable File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\mbapreq.png 797 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\mbapreq.thm 3915 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\mbapreq.wxl 2158 bytes File C:\avast! sandbox\S-1-5-21-2629472346-4294126388-1045716372-1000\r147\MixedInKeySetupNew_8_{f51a9093-99e8-11e6-85f7-448a5bcdb7cb}\C\Users\janou\AppData\Local\Temp\{ad7da029-eaa3-406c-b983-ea8b9ab4d3f6}\.ba1\SetupUI.dll 185856 bytes executable ---- EOF - GMER 2.2 ----