GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-22 11:48:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4C 931,51GB Running: u117vtvg.exe; Driver: C:\Users\MARCIN~1\AppData\Local\Temp\awlirpoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031bf000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff800031bf02e 19 bytes [6C, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\services.exe[668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076eda2ba 1 byte [62] .text C:\Windows\System32\svchost.exe[1008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076eda2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000010779a47c .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000010779a494 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000010779a4ac .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... * 9 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000010779a558 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000010779a570 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000010779a588 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000010779a5a0 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000010779a5b8 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000010779a5d0 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000010779a5e8 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000010779a600 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000010779a618 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000010779a630 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000015d37ce48 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000010779a72d .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000010779a738 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text D:\Programy\Hamachi\hamachi-2.exe[2092] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text D:\Programy\Hamachi\LMIGuardianSvc.exe[2176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[2956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\Explorer.EXE[2856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\System32\rundll32.exe[2124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[3084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Users\Marcin_GW\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3464] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076eda2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3584] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076eda2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076eda2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076eda2ba 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\NOTEPAD.EXE[4892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[4604] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\system32\NOTEPAD.EXE[2080] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\notepad.exe[1492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text C:\Windows\notepad.exe[1188] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784eecd 1 byte [62] .text D:\Programy\diagnostyka\gmer\u117vtvg.exe[4172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076eda2ba 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [288:1080] 000007fefb0ea2b0 Thread C:\Windows\System32\svchost.exe [288:1348] 000007fef9df59a0 Thread C:\Windows\System32\svchost.exe [288:2088] 000007fef89a44e0 Thread C:\Windows\System32\svchost.exe [288:2880] 000007fefd221a70 Thread C:\Windows\System32\svchost.exe [288:3332] 000007fef91e88f8 Thread C:\Windows\System32\svchost.exe [288:2932] 000007fef36e3efc Thread C:\Windows\System32\svchost.exe [288:2268] 000007fef3728a4c Thread C:\Windows\System32\svchost.exe [288:3376] 000007fef89bd710 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4028:3020] 000007fefb8f2a7c Thread C:\Windows\system32\svchost.exe [2120:3600] 00000000667bb5fc Thread C:\Windows\system32\svchost.exe [2120:3624] 000000006eff1760 Thread C:\Windows\system32\svchost.exe [2120:4904] 000000006f058b1c Thread C:\Windows\system32\svchost.exe [2120:868] 000000006f05c740 Thread C:\Windows\system32\svchost.exe [2120:2352] 000000006f06498c Thread C:\Windows\system32\svchost.exe [2120:748] 00000000684e2234 Thread C:\Windows\system32\svchost.exe [2120:1064] 00000000667e0398 Thread C:\Windows\system32\svchost.exe [2120:752] 00000000667b6394 Thread C:\Windows\System32\svchost.exe [3136:4920] 000007fef0bf9688 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2856] (GG drive overlay/GG Network S.A.)(2012-05-16 15:33:26) 000000005c080000 Library C:\Users\Marcin_GW\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2856] (GG drive menu/GG Network S.A.)(2012-05-16 15:32:43) 000000005ff80000 ---- Files - GMER 2.1 ---- File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\1\0B\C9E4Ed01 1468819 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\1\2E\A3600d01 1790539 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\1\C4\4333Cd01 19093 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\1\CB\78E4Dd01 20772 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\2\84\406AFd01 237568 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\2\19\D26ABd01 2109440 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\2\31\1B4B0d01 21507 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\2\7B\A4D92d01 21370 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\2\B3\F62C5d01 25430 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\3\83\7F138d01 26215 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\4\56\A69CEd01 54516 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\4\81\AA86Fd01 17037 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\4\A2\6B8F2d01 100532 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\4\C0\E0D94d01 76999 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\5\2F\561BBd01 19509 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\5\C8\83F8Ad01 23520 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\5\DC\37600d01 92631 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\6\18\D0B0Bd01 164351 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\6\34\7785Ed01 237568 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\7\EF\63196d01 43325 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\8\00\2C07Fd01 32284 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\8\54\812E0d01 100543 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\8\D7\1DEE3d01 21234 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\8\EA\20BC7d01 16417 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\9\55\730D0d01 2109440 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\9\74\33D66d01 18193 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\9\BD\57E58d01 34671 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\9\DE\90BC0d01 160336 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\9\EC\8C543d01 18165 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\A\9C\DA299d01 16757 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\B\A3\6B72Fd01 237568 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\B\12\D855Ad01 24796 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\B\54\E6335d01 2109440 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\B\7F\D151Dd01 237568 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\B\AB\7C954d01 23753 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\C\DF\095F7d01 107750 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\E\1C\60C09d01 88325 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\E\6B\52C39d01 25134 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\E\D0\FD9B3d01 554450 bytes File C:\Users\Marcin_GW\AppData\Local\Mozilla\Firefox\Profiles\5vvnts7o.default\Cache\E\DA\DDD03d01 158252 bytes File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Program Files 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Program Files\AVAST Software 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Program Files\AVAST Software\Avast 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Program Files\AVAST Software\Avast\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\3F1A.tmp 1716 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Network Action Predictor 3072 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Archived History 53248 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Bookmarks 779 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Bookmarks.bak 779 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Cache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Cache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Cookies 7168 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Current Session 3085 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Current Tabs 8 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Favicons 16384 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\History 86016 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\History Provider Cache 11 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\History-journal 8720 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\JumpListIcons 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\JumpListIconsOld 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Last Tabs 8 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Preferences 25048 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\User StyleSheets 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\User StyleSheets\Custom.css 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Web Data 75776 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Local State 1920 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\PepperFlash 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Safe Browsing Bloom 2723404 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Safe Browsing Bloom Filter 2 833028 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Safe Browsing Csd Whitelist 134356 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Safe Browsing Download 1439576 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Chromium\User Data\Safe Browsing Download Whitelist 16600 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Roaming\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Roaming\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Roaming\Microsoft\Windows\Recent 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Users\Marcin_GW\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3373c9ebc3a5e445.customDestinations-ms 6112 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Windows\Prefetch 0 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Windows\Prefetch\CTFMON.EXE-79423C0A.pf 24522 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\C\Windows\Prefetch\SAFEZONEBROWSER.EXE-74FF4DA2.pf 104992 bytes File C:\avast! sandbox\S-1-5-21-2390189086-3348412821-3457465990-1000\sfzone\snx_fs.dat 13198 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 33792 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{cf84e77d-c1de-11e1-9b6b-ad5f3213df5b}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{cf84e77d-c1de-11e1-9b6b-ad5f3213df5b}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{cf84e77d-c1de-11e1-9b6b-ad5f3213df5b}.TMContainer00000000000000000002.regtrans-ms 524288 bytes File C:\Windows\Temp\_avast_\ws7681.dat 6099 bytes ---- EOF - GMER 2.1 ----