GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-10-18 13:30:02 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.AX00 298,09GB Running: mxoe50en.exe; Driver: C:\Users\GOSIAC~1\AppData\Local\Temp\pwqyqkoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8C34ABA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8C34B684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8C3576F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8C357744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8C3578DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8C357666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x88598DF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8C3576AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x88599080] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8859916A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8C357898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8C34C472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8C34AC0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8C34FC68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8C34A7F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x88598ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8C34AC72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8C35005E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8C34CF5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8C357722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8C357766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8C357902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8C35768C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8C34F560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8C357816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8C3576D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8C34F94C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8C3578BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x88598C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8C34CDCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8C34CADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8C34ACD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8C34AD3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x88598FCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8C34A892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8C34AA64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8C34A9F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8C34C63C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8C34C79E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8C34AAEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x88598D3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8C34C2CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8C34ADA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x88598BA0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82084A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820BE212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 820C5460 2 Bytes [A6, AB] {CMPSB ; STOSD } .text ntkrnlpa.exe!KeRemoveQueueEx + 10CE 820C5463 1 Byte [8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 820C54E8 4 Bytes [84, B6, 34, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 820C553C 6 Bytes [F8, 76, 35, 8C, 44, 77] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AE 820C5543 1 Byte [8C] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Windows\system32\wininit.exe[540] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[548] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Windows\system32\services.exe[596] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Windows\system32\lsass.exe[612] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1472] kernel32.dll!SetUnhandledExceptionFilter 7639F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1472] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Program Files\Launch Manager\dsiwmis.exe[1492] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1616] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1712] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1764] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\avastui.exe[3488] kernel32.dll!SetUnhandledExceptionFilter 7639F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\avastui.exe[3488] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3512] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[3632] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Program Files\Acer\Acer VCM\RS_Service.exe[3644] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3916] kernel32.dll!GetBinaryTypeW + 70 763B6AAC 1 Byte [62] .text ... ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70d2978d9 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70d2978d9@40b0fa15108d 0xB1 0xD1 0xA2 0x24 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70d2978d9@e892a4b4a484 0x83 0x21 0x48 0x21 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70d2978d9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70d2978d9@40b0fa15108d 0xB1 0xD1 0xA2 0x24 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70d2978d9@e892a4b4a484 0x83 0x21 0x48 0x21 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 1 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Program Files 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Program Files\AVAST Software 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Program Files\AVAST Software\Avast 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Program Files\AVAST Software\Avast\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Program Files\AVAST Software\Avast\sfzone\productid 32 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\History Index 2013-11 1003520 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Archived History 57344 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Archived History-journal 512 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Cache\data_0 8192 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Cache\data_2 8192 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Cache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Current Session 832 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Current Tabs 8 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension Rules 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension Rules\000003.log 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension Rules\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension Rules\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension Rules\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension State 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension State\000003.log 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension State\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension State\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension State\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Extension State\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Favicons-journal 512 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\History 2068480 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\History Index 2013-10 929792 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\History Index 2013-10-journal 911600 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\History Index 2013-11-journal 419120 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\History Provider Cache 148502 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\History-journal 382184 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Last Session 1046 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Last Tabs 8 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor 16384 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs 5120 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Preferences 10259 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\User StyleSheets 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Web Data 73728 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\First Run 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Local State 2080 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\LocalLow 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\LocalLow\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\LocalLow\Microsoft\CryptnetUrlCache 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 328 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\Roaming\Mozilla 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\Roaming\Mozilla\Firefox 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\Roaming\Mozilla\Firefox\Profiles 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\Roaming\Mozilla\Firefox\Profiles\nkrmh002.default 0 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\Roaming\Mozilla\Firefox\Profiles\nkrmh002.default\places.sqlite 10485760 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\C\Users\Gosiaczek\AppData\Roaming\Mozilla\Firefox\Profiles\nkrmh002.default\places.sqlite-journal 33288 bytes File C:\avast! sandbox\S-1-5-21-4234890097-2591519782-3488358239-1000\sfzone\snx_fs.dat 12152 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 29696 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{71dcfcca-5380-11e3-be5c-089e01405c26}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{71dcfcca-5380-11e3-be5c-089e01405c26}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{71dcfcca-5380-11e3-be5c-089e01405c26}.TMContainer00000000000000000002.regtrans-ms 524288 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\06fee035c41dd7edd3ea0f1851d39283 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f4a273c77f0b00e57146542241232d70 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\e0a1d8355d2d8b99cff51b9df27c8097 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\349461c3a273efc2b4bd643c2645bd70 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5dfbb403257456f8ac25042ba9fdc5cc 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\c056d9c4bf376d9ff1bf49333a901916 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\6bc273159d037e9d702110a3c7c28dbc 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c07fc3dd84b6d35d1d4bdaf4c2e90ec9 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\e8eaf1b9458bda7b23abf51b4c2473c2 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\index647.dat 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0d904f36dc765e18a8efa9e25ff5ed22 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\b3856811fcf37de8db762e205ea5dfd3 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\72a294f179cce915536cc397c7c8bc30 0 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1763039da9d7b187e84e7d1a8258d12a 0 bytes ---- EOF - GMER 2.1 ----