GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-13 14:57:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.CXM0 119,24GB
Running: 2ciugcsi.exe; Driver: C:\Users\user\AppData\Local\Temp\aftcaaob.sys

---- User code sections - GMER 2.1 ----

.text C:\windows\system32\wininit.exe[816] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\windows\system32\services.exe[888] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\windows\system32\winlogon.exe[944] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\windows\system32\atiesrxx.exe[828] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\windows\System32\svchost.exe[1068] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\windows\system32\svchost.exe[1140] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\windows\system32\svchost.exe[1304] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\windows\Explorer.EXE[1664] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2036] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2080] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2108] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2144] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[2316] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\ProgramData\DatacardService\DCSHelper.exe[2584] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe[2936] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2944] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2944] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075641465 2 bytes [64, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2944] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756414bb 2 bytes [64, 75]
.text ... * 2
.text C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe[2992] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[3016] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2688] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2812] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2884] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075df8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2884] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe[2640] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Skype\Updater\Updater.exe[3108] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Skype\Updater\Updater.exe[3108] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075641465 2 bytes [64, 75]
.text C:\Program Files (x86)\Skype\Updater\Updater.exe[3108] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756414bb 2 bytes [64, 75]
.text ... * 2
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[3200] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe[5532] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774aef8d 1 byte [62]
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[5648] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[5760] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[5760] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075641465 2 bytes [64, 75]
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[5760] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756414bb 2 bytes [64, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[5632] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5624] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5624] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075641465 2 bytes [64, 75]
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5624] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756414bb 2 bytes [64, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe[5708] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe[5708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075641465 2 bytes [64, 75]
.text C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe[5708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756414bb 2 bytes [64, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe[5692] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]
.text C:\Users\user\Desktop\2ciugcsi.exe[4440] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e1a2fd 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\windows\SysWOW64\ntdll.dll [2116:2120] 00000000004050de

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2936](2013-04-03 15:22:55) 000000006fbc0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2936](2013-04-03 15:22:55) 000000006e940000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2936](2013-04-03 15:22:55) 000000006a1c0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2936](2013-04-03 15:22:55) 000000006ff00000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e8039af9bee5
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e8039af9bee5 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.1
----
File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Program Files 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Program Files\AVAST Software 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Program Files\AVAST Software\Avast 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Program Files\AVAST Software\Avast\sfzone 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Archived History 57344 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Archived History-journal 512 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\data_0 45056 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\data_1 270336 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\data_2 1056768 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\data_3 4202496 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\f_000001 55543 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\f_000002 23218 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\f_000003 20339 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\f_000004 22956 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\f_000005 41920 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\f_000006 31064 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\f_000007 34312 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\f_000008 38344 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\f_000009 34996 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000a 51554 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cache\index 262512 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cookies 6144 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Cookies-journal 1544 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Current Session 1225 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension Rules 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension Rules\000003.log 190 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension Rules\CURRENT 16 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOCK 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOG 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension Rules\MANIFEST-000002 50 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension State 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension State\000003.log 285 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension State\CURRENT 16 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension State\LOCK 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension State\LOG 47 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Extension State\MANIFEST-000002 50 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Favicons-journal 14904 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\GPUCache 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_0 45056 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_1 270336 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_2 1056768 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\GPUCache\data_3 8192 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\GPUCache\index 262512 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\History 360448 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\History Index 2014-02 155648 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\History Index 2014-02-journal 16384 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\History Index 2014-03 245760 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\History Index 2014-03-journal 16384 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\History Provider Cache 79227 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\History-journal 29240 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Local Storage 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.youtube.com_0.localstorage 3072 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.youtube.com_0.localstorage-journal 3608 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor 16384 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 3608 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs 5120 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs-journal 1544 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Preferences 987 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Session Storage 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Session Storage\000003.log 194 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Session Storage\CURRENT 16 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOCK 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOG 47 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Session Storage\MANIFEST-000002 50 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\User StyleSheets 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Web Data 73728 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\sfzone_profile\Local State 1500 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user\AppData 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user\AppData\Local 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user\AppData\Local\Temp 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user\AppData\Roaming 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user\AppData\Roaming\Mozilla 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user\AppData\Roaming\Mozilla\Firefox 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2py99f4x.default 0 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2py99f4x.default\places.sqlite 10485760 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\C\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2py99f4x.default\places.sqlite-journal 33288 bytes
File C:\avast! sandbox\S-1-5-21-1130217176-4031021830-1519301973-1000\sfzone\snx_fs.dat 13470 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 29696 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{89700165-a3e2-11e3-a181-848e6b0b5c69}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{89700165-a3e2-11e3-a181-848e6b0b5c69}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{89700165-a3e2-11e3-a181-848e6b0b5c69}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 2.1 ----