GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-16 12:00:38 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0 ST350041 rev.CC37 465,76GB Running: 6d5hzjhb.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\kgqcqaod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAE02CAD6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xAE28083C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAE02D5B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xAE0736A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xAE0396B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAE039704] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAE03989E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xAE073054] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xAE039626] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xAE039748] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAE03966E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xAE02DAEA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xAE039858] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAE02E3A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAE02CB3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xAE073D66] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAE07401C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAE031BF2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAE073BD1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAE073A3C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xAE280914] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xAE02C728] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xAE280CF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAE02CBA2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAE031FE8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAE02EEE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xAE0396E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAE039726] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAE0398C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xAE0733B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xAE03964C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xAE0314EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xAE0397D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAE039696] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xAE0318D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xAE03987C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xAE280A94] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xAE0738B7] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xAE02ECFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAE073709] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAE02E854] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xAE28EB28] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xAE28F4EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xAE072697] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAE02CC08] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAE02CC6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xAE02E21C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAE02C7C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAE02C994] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xAE073E6D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAE02C922] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAE02E56C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xAE02E6CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAE02CA1C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAE02E05A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xAE02E1FC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xAE27DAD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xAE02CCD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAE02D610] INT 0x73 ? 8AC86CB8 INT 0x83 ? 8AC86CB8 INT 0xB4 ? 8AA79F00 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2CA4 80504540 8 Bytes [EA, DA, 02, AE, 58, 98, 03, ...] {JMP FAR 0x398:0x58ae02da; SCASB } .text ntkrnlpa.exe!ZwCallbackReturn + 2D8C 80504628 8 Bytes [E8, 1F, 03, AE, E6, EE, 02, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 4 Bytes [EA, 14, 03, AE] .text ntkrnlpa.exe!ZwCallbackReturn + 2EA0 8050473C 4 Bytes CALL CF3CF543 .text ntkrnlpa.exe!ZwCallbackReturn + 2F1D 805047B9 11 Bytes [CC, 02, AE, 6E, CC, 02, AE, ...] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A646E 4 Bytes CALL AE02F5B7 \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF7361FEE] .xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF7272000, 0xC5E, 0x40000040] .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xED27C000, 0x1E2E7A, 0xE8000020] ? C:\WINDOWS\System32\Drivers\auphak5k.SYS suspicious PE modification ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3600] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8ACC81F8 Device \Driver\Tcpip \Device\Ip aswStmXP.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{56A33ABA-E170-40AE-8CAA-289810A630A0} 8A3771F8 Device \Driver\usbohci \Device\USBPDO-0 8AAA6440 Device \Driver\usbehci \Device\USBPDO-1 8AAA7440 Device \Driver\Tcpip \Device\Tcp aswStmXP.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys Device \Driver\PCI_PNP0114 \Device\00000049 sptd.sys Device \Driver\PCI_PNP0114 \Device\00000049 sptd.sys Device \Driver\atapi \Device\Ide\IdePort0 [F7232B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7232B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 8AAA2440 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3771F8 Device \Driver\NetBT \Device\NetbiosSmb 8A3771F8 Device \Driver\Tcpip \Device\Udp aswStmXP.sys Device \Driver\Tcpip \Device\RawIp aswStmXP.sys Device \Driver\usbohci \Device\USBFDO-0 8AAA6440 Device \Driver\usbehci \Device\USBFDO-1 8AAA7440 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896271F8 Device \Driver\Tcpip \Device\IPMULTICAST aswStmXP.sys Device \FileSystem\MRxSmb \Device\LanmanRedirector 896271F8 Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path1Target1Lun0 8ACC91F8 Device \Driver\nvgts \Device\Scsi\nvgts1 8ACC91F8 Device \Driver\nvgts \Device\Scsi\nvgts2 8ACC91F8 Device \Driver\auphak5k \Device\Scsi\auphak5k1 8AAA4440 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ac83dd0]<< 8ac83dd0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acbc030] 8acbc030 Trace 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8acc0988] 8acc0988 Trace 5 ACPI.sys[f728a620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path1Target1Lun0[0x8ac0ea38] 8ac0ea38 Trace \Driver\nvgts[0x8acc0ca0] -> IRP_MJ_CREATE -> 0x8acc91f8 8acc91f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6F 0x0B 0xF8 0xDB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x3B 0x88 0x71 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0x69 0xD4 0x32 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x29 0x21 0x5C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6F 0x0B 0xF8 0xDB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0x1B 0xA0 0x87 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0x69 0xD4 0x32 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x29 0x21 0x5C ... ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\Documents and Settings 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\Documents and Settings\user 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\Documents and Settings\user\Ustawienia lokalne 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\Documents and Settings\user\Ustawienia lokalne\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt 4 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Network Action Predictor 5120 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Cache 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Cache\data_0 8192 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Cache\data_2 8192 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Cache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Cookies-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Current Session 3653 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Extension State 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Extension State\000003.log 569 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Extension State\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Extension State\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Extension State\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Extension State\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Favicons-journal 512 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\History 94208 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\History Provider Cache 6 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\History-journal 512 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Local Extension Settings 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Local Storage 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage 3072 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Login Data 12288 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Login Data-journal 512 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Preferences 2130 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Secure Preferences 18853 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Web Data 71680 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\Local State 5708 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\C\sfzone_profile\pnacl 0 bytes File C:\avast! sandbox\S-1-5-21-790525478-1004336348-725345543-1004\sfzone\snx_fs.dat 6858 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG 1024 bytes ---- EOF - GMER 2.1 ----