GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-20 21:13:18 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1252GSX rev.LV011C 111,79GB Running: xnsbsdh9.exe; Driver: C:\Users\Grazya\AppData\Local\Temp\kwrdrpob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8F245BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8F246684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8F2526F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8F252744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8F2528DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8F252666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8F2FCDF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8F2526AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8F2FD080] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8F2FD16A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8F252898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8F247472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8F245C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8F24AC68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8F2457F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8F2FCED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8F245C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8F24B05E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8F247F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8F252722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8F252766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8F252902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8F25268C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8F24A560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8F252816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8F2526D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8F24A94C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8F2528BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8F2FCC6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8F247DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8F247ADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8F245CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8F245D3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8F2FCFCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8F245892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8F245A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8F2459F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8F24763C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8F24779E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8F245AEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8F2FCD3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8F2472CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8F245DA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8F2FCBA0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495 82A459E5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7F312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82A86550 4 Bytes [A6, 5B, 24, 8F] {CMPSB ; POP EBX; AND AL, 0x8f} .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82A865D8 4 Bytes [84, 66, 24, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82A8662C 8 Bytes [F8, 26, 25, 8F, 44, 27, 25, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82A86638 4 Bytes [DE, 28, 25, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82A86654 4 Bytes [66, 26, 25, 8F] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82C4268D 4 Bytes CALL 8F248641 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82C5C4F3 4 Bytes CALL 8F248657 \SystemRoot\system32\drivers\aswSnx.sys .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A14000, 0x2D5378, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\ProgramData\MobileBrServ\mbbservice.exe[340] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[412] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\rpcnet.exe[468] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\wininit.exe[472] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[480] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1472] kernel32.dll!SetUnhandledExceptionFilter 7792F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1472] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1604] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe[1688] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[1824] ntdll.dll!NtMapViewOfSection + 6 77D55C6E 4 Bytes [18, 20, C2, 64] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1824] ntdll.dll!NtMapViewOfSection + B 77D55C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1824] ntdll.dll!LdrUnloadDll 77D6C8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1824] ntdll.dll!LdrLoadDll 77D722AE 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1824] KERNEL32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1916] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1964] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[2000] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtCreateFile + 6 77D5560E 4 Bytes [28, 30, 20, 00] {SUB [EAX], DH; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtCreateFile + B 77D55613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + 6 77D55C6E 4 Bytes [28, 33, 20, 00] {SUB [EBX], DH; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtMapViewOfSection + B 77D55C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenFile + 6 77D55D1E 4 Bytes [68, 30, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenFile + B 77D55D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcess + 6 77D55DCE 4 Bytes [A8, 31, 20, 00] {TEST AL, 0x31; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcess + B 77D55DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessToken + B 77D55DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessTokenEx + 6 77D55DEE 4 Bytes [A8, 32, 20, 00] {TEST AL, 0x32; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenProcessTokenEx + B 77D55DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThread + 6 77D55E4E 4 Bytes [68, 31, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThread + B 77D55E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadToken + 6 77D55E5E 4 Bytes [68, 32, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadToken + B 77D55E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtOpenThreadTokenEx + B 77D55E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryAttributesFile + 6 77D55F7E 4 Bytes [A8, 30, 20, 00] {TEST AL, 0x30; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryAttributesFile + B 77D55F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryFullAttributesFile + B 77D56033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationFile + 6 77D5667E 4 Bytes [28, 31, 20, 00] {SUB [ECX], DH; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationFile + B 77D56683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationThread + 6 77D566DE 4 Bytes [28, 32, 20, 00] {SUB [EDX], DH; AND [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtSetInformationThread + B 77D566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + 6 77D569FE 4 Bytes [68, 33, 20, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtUnmapViewOfSection + B 77D56A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!LdrUnloadDll 77D6C8DE 5 Bytes JMP 002D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!LdrLoadDll 77D722AE 5 Bytes JMP 002D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] KERNEL32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2780] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\System32\svchost.exe[2860] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2916] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2988] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3544] kernel32.dll!SetUnhandledExceptionFilter 7792F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3544] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3664] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3700] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3864] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Users\Grazya\Desktop\xnsbsdh9.exe[3896] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtCreateFile + 6 77D5560E 4 Bytes [28, 14, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtCreateFile + B 77D55613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtMapViewOfSection + 6 77D55C6E 4 Bytes [28, 17, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtMapViewOfSection + B 77D55C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenFile + 6 77D55D1E 4 Bytes [68, 14, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenFile + B 77D55D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenProcess + 6 77D55DCE 4 Bytes [A8, 15, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenProcess + B 77D55DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenProcessToken + B 77D55DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenProcessTokenEx + 6 77D55DEE 4 Bytes [A8, 16, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenProcessTokenEx + B 77D55DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenThread + 6 77D55E4E 4 Bytes [68, 15, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenThread + B 77D55E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenThreadToken + 6 77D55E5E 4 Bytes [68, 16, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenThreadToken + B 77D55E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtOpenThreadTokenEx + B 77D55E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtQueryAttributesFile + 6 77D55F7E 4 Bytes [A8, 14, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtQueryAttributesFile + B 77D55F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtQueryFullAttributesFile + B 77D56033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtSetInformationFile + 6 77D5667E 4 Bytes [28, 15, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtSetInformationFile + B 77D56683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtSetInformationThread + 6 77D566DE 4 Bytes [28, 16, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtSetInformationThread + B 77D566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtUnmapViewOfSection + 6 77D569FE 4 Bytes [68, 17, FB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!NtUnmapViewOfSection + B 77D56A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!LdrUnloadDll 77D6C8DE 5 Bytes JMP 010003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] ntdll.dll!LdrLoadDll 77D722AE 5 Bytes JMP 010001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4248] KERNEL32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\servicing\TrustedInstaller.exe[4372] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtCreateFile + 6 77D5560E 4 Bytes [28, E0, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtCreateFile + B 77D55613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtMapViewOfSection + 6 77D55C6E 4 Bytes [28, E3, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtMapViewOfSection + B 77D55C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenFile + 6 77D55D1E 4 Bytes [68, E0, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenFile + B 77D55D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcess + 6 77D55DCE 4 Bytes [A8, E1, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcess + B 77D55DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcessToken + B 77D55DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcessTokenEx + 6 77D55DEE 4 Bytes [A8, E2, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenProcessTokenEx + B 77D55DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThread + 6 77D55E4E 4 Bytes [68, E1, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThread + B 77D55E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThreadToken + 6 77D55E5E 4 Bytes [68, E2, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThreadToken + B 77D55E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtOpenThreadTokenEx + B 77D55E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtQueryAttributesFile + 6 77D55F7E 4 Bytes [A8, E0, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtQueryAttributesFile + B 77D55F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtQueryFullAttributesFile + B 77D56033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationFile + 6 77D5667E 4 Bytes [28, E1, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationFile + B 77D56683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationThread + 6 77D566DE 4 Bytes [28, E2, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtSetInformationThread + B 77D566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtUnmapViewOfSection + 6 77D569FE 4 Bytes [68, E3, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!NtUnmapViewOfSection + B 77D56A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!LdrUnloadDll 77D6C8DE 5 Bytes JMP 001B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] ntdll.dll!LdrLoadDll 77D722AE 5 Bytes JMP 001B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4460] KERNEL32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + 6 77D5560E 4 Bytes [28, 8C, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + B 77D55613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + 6 77D55C6E 4 Bytes [28, 8F, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + B 77D55C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + 6 77D55D1E 4 Bytes [68, 8C, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + B 77D55D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + 6 77D55DCE 4 Bytes [A8, 8D, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + B 77D55DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessToken + B 77D55DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + 6 77D55DEE 4 Bytes [A8, 8E, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + B 77D55DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + 6 77D55E4E 4 Bytes [68, 8D, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + B 77D55E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + 6 77D55E5E 4 Bytes [68, 8E, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + B 77D55E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadTokenEx + B 77D55E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + 6 77D55F7E 4 Bytes [A8, 8C, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + B 77D55F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryFullAttributesFile + B 77D56033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + 6 77D5667E 4 Bytes [28, 8D, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + B 77D56683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + 6 77D566DE 4 Bytes [28, 8E, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + B 77D566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + 6 77D569FE 4 Bytes [68, 8F, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + B 77D56A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!LdrUnloadDll 77D6C8DE 5 Bytes JMP 00B803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!LdrLoadDll 77D722AE 5 Bytes JMP 00B801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] KERNEL32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4600] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4672] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[4724] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtCreateFile + 6 77D5560E 4 Bytes [28, 90, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtCreateFile + B 77D55613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtMapViewOfSection + 6 77D55C6E 4 Bytes [28, 93, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtMapViewOfSection + B 77D55C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenFile + 6 77D55D1E 4 Bytes [68, 90, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenFile + B 77D55D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcess + 6 77D55DCE 4 Bytes [A8, 91, E1, 00] {TEST AL, 0x91; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcess + B 77D55DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessToken + B 77D55DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessTokenEx + 6 77D55DEE 4 Bytes [A8, 92, E1, 00] {TEST AL, 0x92; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessTokenEx + B 77D55DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThread + 6 77D55E4E 4 Bytes [68, 91, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThread + B 77D55E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadToken + 6 77D55E5E 4 Bytes [68, 92, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadToken + B 77D55E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadTokenEx + B 77D55E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryAttributesFile + 6 77D55F7E 4 Bytes [A8, 90, E1, 00] {TEST AL, 0x90; LOOPZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryAttributesFile + B 77D55F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryFullAttributesFile + B 77D56033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationFile + 6 77D5667E 4 Bytes [28, 91, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationFile + B 77D56683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationThread + 6 77D566DE 4 Bytes [28, 92, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationThread + B 77D566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtUnmapViewOfSection + 6 77D569FE 4 Bytes [68, 93, E1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtUnmapViewOfSection + B 77D56A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!LdrUnloadDll 77D6C8DE 5 Bytes JMP 00EB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!LdrLoadDll 77D722AE 5 Bytes JMP 00EB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] KERNEL32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\System32\svchost.exe[5576] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\System32\svchost.exe[5748] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] .text C:\Windows\system32\taskeng.exe[6108] kernel32.dll!GetBinaryTypeW + 70 77946AAC 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A4249F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74A25652] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74A25710] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A4251A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74A3857E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74A34D32] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74A350D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74A351AE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74A366DB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74A382D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74A38824] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74A39085] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A3E228] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74A34C64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\B9926106-381F-4F48-BF85-1CD1C46807F5@IPAddress 127.0.0.1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@477D5203 1176 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Program Files 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Program Files\AVAST Software 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Program Files\AVAST Software\Avast 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Program Files\AVAST Software\Avast\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Program Files\AVAST Software\Avast\sfzone\productid 32 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt 5 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\History Index 2013-11 45056 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Archived History 57344 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Archived History-journal 512 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\data_3 4202496 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\f_000001 55264 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\f_000002 23218 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\f_000003 62486 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\f_000004 20293 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\f_000005 41848 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\f_000006 35572 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\f_000007 42660 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\f_000008 77194 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cookies 9216 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Cookies-journal 7736 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Current Session 10702 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Current Tabs 4126 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Favicons-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\GPUCache 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\GPUCache\data_0 45056 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\GPUCache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\GPUCache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\GPUCache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\GPUCache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\History 114688 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\History Index 2013-09 36864 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\History Index 2013-12 65536 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\History Index 2013-12-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\History Provider Cache 9123 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\History-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\JumpListIcons 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\JumpListIcons\1BEC.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\JumpListIcons\1BED.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\JumpListIcons\1BFE.tmp 28134 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\JumpListIconsOld 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\JumpListIconsOld\BAE6.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\JumpListIconsOld\BAE7.tmp 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Network Action Predictor 16384 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Origin Bound Certs 7168 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Origin Bound Certs-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Preferences 13963 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\README 186 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Session Storage 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Session Storage\000003.log 68 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Session Storage\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Session Storage\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Session Storage\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Session Storage\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\User StyleSheets 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Web Data 73728 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\First Run 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Local State 14082 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Safe Browsing Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\sfzone_profile\Safe Browsing Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Local\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Local\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Local\Microsoft\Windows\History 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Local\Microsoft\Windows\History\History.IE5 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 128 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Roaming\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Roaming\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Roaming\Microsoft\Windows\Recent 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Users\Grazya\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d8b393b9387fc13c.customDestinations-ms 8765 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Windows\Prefetch 0 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\C\Windows\Prefetch\SAFEZONEBROWSER.EXE-EA1E6E17.pf 26724 bytes File C:\avast! sandbox\S-1-5-21-116417745-706197743-1563856382-1001\sfzone\snx_fs.dat 13858 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 29696 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{60798e5d-689b-11e3-a291-002264617526}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{60798e5d-689b-11e3-a291-002264617526}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{60798e5d-689b-11e3-a291-002264617526}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 2.1 ----