GMER 2.1.18952 - http://www.gmer.net Rootkit scan 2013-02-18 20:17:18 Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.GK8O 698,64GB Running: 2k8fxt4h.exe; Driver: C:\Users\Henio\AppData\Local\Temp\ugloipod.sys ---- User code sections - GMER 2.1 ---- .text D:\Programy\Kaspersky Internet Security 2012\avp.exe[2852] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077459ab8 5 bytes JMP 000000016ac91765 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000756d0827 5 bytes JMP 000000016e649ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000756e081c 5 bytes JMP 000000016e798ed1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000756e2483 5 bytes JMP 000000016e798f36 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000756e4b7c 5 bytes JMP 000000016e798e58 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000756f9b0b 5 bytes JMP 000000016e798ddf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075705fb7 5 bytes JMP 000000016e5a1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075706397 1 byte JMP 000000016e798f9b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA + 2 0000000075706399 3 bytes {JMP 0xfffffffff9092c04} .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007571d3ad 5 bytes JMP 000000016e798d7b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007571d3d1 5 bytes JMP 000000016e798d17 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000756070a6 5 bytes JMP 000000016e799150 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 0000000074a5881c 5 bytes JMP 000000016e799000 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3900] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074a58834 5 bytes JMP 000000016e7990a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077484572 6 bytes JMP 000000016e60980d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007748457d 6 bytes JMP 000000016e668054 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076848312 5 bytes JMP 000000016e6075e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000756c7bb3 5 bytes JMP 000000016e667ff1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000756c8c38 5 bytes JMP 000000016e5eddb3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000756cf2ca 5 bytes JMP 000000016e5ededd .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000756d010d 5 bytes JMP 000000016e68ed14 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000756d03d2 5 bytes JMP 000000016e6425b4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000756d0827 5 bytes JMP 000000016e649ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756d17ea 5 bytes JMP 000000016e6703df .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000756d263b 5 bytes JMP 000000016e79a2c1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000756d280d 5 bytes JMP 000000016e613643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000756d78d1 5 bytes JMP 000000016e799310 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 00000000756d805d 5 bytes JMP 000000016e7999fa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!EndDialog 00000000756d87af 5 bytes JMP 000000016e799ca6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000756df8f3 5 bytes JMP 000000016e7992d8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000756e081c 5 bytes JMP 000000016e798ed1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000756e2483 5 bytes JMP 000000016e798f36 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000756e4b7c 5 bytes JMP 000000016e798e58 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 00000000756e9b1b 5 bytes JMP 000000016e799268 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000756e9c47 5 bytes JMP 000000016e7999d2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000756ebd5b 5 bytes JMP 000000016e7992a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000756f9b0b 5 bytes JMP 000000016e798ddf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075702a58 5 bytes JMP 000000016e79a342 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075705fb7 5 bytes JMP 000000016e5a1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075706397 1 byte JMP 000000016e798f9b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA + 2 0000000075706399 3 bytes {JMP 0xfffffffff9092c04} .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007571d3ad 5 bytes JMP 000000016e798d7b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007571d3d1 5 bytes JMP 000000016e798d17 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!keybd_event 000000007571d782 5 bytes JMP 000000016e79a226 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\USER32.dll!SendInput 0000000075725af6 5 bytes JMP 000000016e79a269 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076581e80 5 bytes JMP 000000016e799704 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000755a3df0 5 bytes JMP 000000016e79987a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000755a3e40 5 bytes JMP 000000016e7997fc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000755a462b 5 bytes JMP 000000016e79976e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000755a74bc 5 bytes JMP 000000016e79981a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000756070a6 5 bytes JMP 000000016e799150 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 0000000074a5881c 5 bytes JMP 000000016e799000 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074a58834 5 bytes JMP 000000016e7990a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\SysWOW64\jscript9.dll!JsVarToScriptDirect + 172 000000006df81d18 4 bytes [E8, 00, FF, 7D] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3232] C:\Windows\SysWOW64\jscript9.dll!JsVarToScriptDirect + 180 000000006df81d20 8 bytes [54, 01, FF, 7D, C0, 01, FF, ...] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077484572 6 bytes JMP 000000016e60980d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007748457d 6 bytes JMP 000000016e668054 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076848312 5 bytes JMP 000000016e6075e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000756c7bb3 5 bytes JMP 000000016e667ff1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000756c8c38 5 bytes JMP 000000016e5eddb3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000756cf2ca 5 bytes JMP 000000016e5ededd .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000756d010d 5 bytes JMP 000000016e68ed14 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000756d03d2 5 bytes JMP 000000016e6425b4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000756d0827 5 bytes JMP 000000016e649ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756d17ea 5 bytes JMP 000000016e6703df .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000756d263b 5 bytes JMP 000000016e79a2c1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000756d280d 5 bytes JMP 000000016e613643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000756d78d1 5 bytes JMP 000000016e799310 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 00000000756d805d 5 bytes JMP 000000016e7999fa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!EndDialog 00000000756d87af 5 bytes JMP 000000016e799ca6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000756df8f3 5 bytes JMP 000000016e7992d8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000756e081c 5 bytes JMP 000000016e798ed1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000756e2483 5 bytes JMP 000000016e798f36 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000756e4b7c 5 bytes JMP 000000016e798e58 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 00000000756e9b1b 5 bytes JMP 000000016e799268 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000756e9c47 5 bytes JMP 000000016e7999d2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000756ebd5b 5 bytes JMP 000000016e7992a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000756f9b0b 5 bytes JMP 000000016e798ddf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075702a58 5 bytes JMP 000000016e79a342 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075705fb7 5 bytes JMP 000000016e5a1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075706397 1 byte JMP 000000016e798f9b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA + 2 0000000075706399 3 bytes {JMP 0xfffffffff9092c04} .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007571d3ad 5 bytes JMP 000000016e798d7b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007571d3d1 5 bytes JMP 000000016e798d17 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!keybd_event 000000007571d782 5 bytes JMP 000000016e79a226 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\USER32.dll!SendInput 0000000075725af6 5 bytes JMP 000000016e79a269 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076581e80 5 bytes JMP 000000016e799704 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000755a3df0 5 bytes JMP 000000016e79987a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000755a3e40 5 bytes JMP 000000016e7997fc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000755a462b 5 bytes JMP 000000016e79976e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000755a74bc 5 bytes JMP 000000016e79981a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000756070a6 5 bytes JMP 000000016e799150 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 0000000074a5881c 5 bytes JMP 000000016e799000 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074a58834 5 bytes JMP 000000016e7990a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\SysWOW64\jscript9.dll!JsVarToScriptDirect + 172 000000006df81d18 4 bytes [E8, 00, FF, 7D] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1040] C:\Windows\SysWOW64\jscript9.dll!JsVarToScriptDirect + 180 000000006df81d20 8 bytes [54, 01, FF, 7D, C0, 01, FF, ...] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077484572 6 bytes JMP 000000016e60980d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007748457d 6 bytes JMP 000000016e668054 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076848312 5 bytes JMP 000000016e6075e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000756c7bb3 5 bytes JMP 000000016e667ff1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000756c8c38 5 bytes JMP 000000016e5eddb3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000756cf2ca 5 bytes JMP 000000016e5ededd .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000756d010d 5 bytes JMP 000000016e68ed14 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000756d03d2 5 bytes JMP 000000016e6425b4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000756d0827 5 bytes JMP 000000016e649ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756d17ea 5 bytes JMP 000000016e6703df .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000756d263b 5 bytes JMP 000000016e79a2c1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000756d280d 5 bytes JMP 000000016e613643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000756d78d1 5 bytes JMP 000000016e799310 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 00000000756d805d 5 bytes JMP 000000016e7999fa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!EndDialog 00000000756d87af 5 bytes JMP 000000016e799ca6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000756df8f3 5 bytes JMP 000000016e7992d8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000756e081c 5 bytes JMP 000000016e798ed1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000756e2483 5 bytes JMP 000000016e798f36 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000756e4b7c 5 bytes JMP 000000016e798e58 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 00000000756e9b1b 5 bytes JMP 000000016e799268 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000756e9c47 5 bytes JMP 000000016e7999d2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000756ebd5b 5 bytes JMP 000000016e7992a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000756f9b0b 5 bytes JMP 000000016e798ddf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075702a58 5 bytes JMP 000000016e79a342 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075705fb7 5 bytes JMP 000000016e5a1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075706397 1 byte JMP 000000016e798f9b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA + 2 0000000075706399 3 bytes {JMP 0xfffffffff9092c04} .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007571d3ad 5 bytes JMP 000000016e798d7b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007571d3d1 5 bytes JMP 000000016e798d17 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!keybd_event 000000007571d782 5 bytes JMP 000000016e79a226 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\USER32.dll!SendInput 0000000075725af6 5 bytes JMP 000000016e79a269 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076581e80 5 bytes JMP 000000016e799704 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000755a3df0 5 bytes JMP 000000016e79987a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000755a3e40 5 bytes JMP 000000016e7997fc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000755a462b 5 bytes JMP 000000016e79976e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000755a74bc 5 bytes JMP 000000016e79981a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000756070a6 5 bytes JMP 000000016e799150 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 0000000074a5881c 5 bytes JMP 000000016e799000 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074a58834 5 bytes JMP 000000016e7990a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\SysWOW64\jscript9.dll!JsVarToScriptDirect + 172 000000006df81d18 4 bytes [E8, 00, FF, 7D] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3588] C:\Windows\SysWOW64\jscript9.dll!JsVarToScriptDirect + 180 000000006df81d20 8 bytes [54, 01, FF, 7D, C0, 01, FF, ...] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077484572 6 bytes JMP 000000016e60980d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007748457d 6 bytes JMP 000000016e668054 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076848312 5 bytes JMP 000000016e6075e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000756c7bb3 5 bytes JMP 000000016e667ff1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000756c8c38 5 bytes JMP 000000016e5eddb3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000756cf2ca 5 bytes JMP 000000016e5ededd .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000756d010d 5 bytes JMP 000000016e68ed14 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000756d03d2 5 bytes JMP 000000016e6425b4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000756d0827 5 bytes JMP 000000016e649ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756d17ea 5 bytes JMP 000000016e6703df .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000756d263b 5 bytes JMP 000000016e79a2c1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000756d280d 5 bytes JMP 000000016e613643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000756d78d1 5 bytes JMP 000000016e799310 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 00000000756d805d 5 bytes JMP 000000016e7999fa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!EndDialog 00000000756d87af 5 bytes JMP 000000016e799ca6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000756df8f3 5 bytes JMP 000000016e7992d8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000756e081c 5 bytes JMP 000000016e798ed1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000756e2483 5 bytes JMP 000000016e798f36 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000756e4b7c 5 bytes JMP 000000016e798e58 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 00000000756e9b1b 5 bytes JMP 000000016e799268 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000756e9c47 5 bytes JMP 000000016e7999d2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000756ebd5b 5 bytes JMP 000000016e7992a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000756f9b0b 5 bytes JMP 000000016e798ddf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075702a58 5 bytes JMP 000000016e79a342 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075705fb7 5 bytes JMP 000000016e5a1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075706397 1 byte JMP 000000016e798f9b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA + 2 0000000075706399 3 bytes {JMP 0xfffffffff9092c04} .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007571d3ad 5 bytes JMP 000000016e798d7b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007571d3d1 5 bytes JMP 000000016e798d17 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!keybd_event 000000007571d782 5 bytes JMP 000000016e79a226 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\USER32.dll!SendInput 0000000075725af6 5 bytes JMP 000000016e79a269 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076581e80 5 bytes JMP 000000016e799704 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000755a3df0 5 bytes JMP 000000016e79987a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000755a3e40 5 bytes JMP 000000016e7997fc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000755a462b 5 bytes JMP 000000016e79976e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000755a74bc 5 bytes JMP 000000016e79981a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000756070a6 5 bytes JMP 000000016e799150 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 0000000074a5881c 5 bytes JMP 000000016e799000 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074a58834 5 bytes JMP 000000016e7990a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000755030cf 5 bytes JMP 000000016e7993ec .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 00000000755034de 5 bytes JMP 000000016e7994b8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 000000007552ed29 5 bytes JMP 000000016e799348 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\SysWOW64\jscript9.dll!JsVarToScriptDirect + 172 000000006df81d18 4 bytes [E8, 00, FF, 7D] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3732] C:\Windows\SysWOW64\jscript9.dll!JsVarToScriptDirect + 180 000000006df81d20 8 bytes [54, 01, FF, 7D, C0, 01, FF, ...] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [324:2576] 000007fefb572d14 Thread C:\Windows\System32\svchost.exe [324:2528] 000007fefb579ab4 Thread C:\Windows\System32\svchost.exe [628:1240] 000007fefc7cf848 Thread C:\Windows\System32\svchost.exe [628:1416] 000007fefc2e54f0 Thread C:\Windows\System32\svchost.exe [628:2940] 000007fef9cc1754 Thread C:\Windows\System32\svchost.exe [628:2944] 000007fef9cc1bf4 Thread C:\Windows\System32\svchost.exe [628:2952] 000007fef9cc1d5c Thread C:\Windows\System32\svchost.exe [628:948] 000007fef6f64c84 Thread C:\Windows\System32\svchost.exe [628:2440] 000007fefb138a4c Thread C:\Windows\System32\svchost.exe [628:2456] 000007fefb138a4c Thread C:\Windows\System32\svchost.exe [628:2432] 000007fefb138a4c Thread C:\Windows\System32\svchost.exe [628:1164] 000007fefb138a4c Thread C:\Windows\System32\svchost.exe [628:816] 000007fefb138a4c Thread C:\Windows\System32\svchost.exe [628:2468] 000007fefb138a4c Thread C:\Windows\System32\svchost.exe [628:2624] 000007fefb138a4c Thread C:\Windows\System32\svchost.exe [628:2744] 000007fefb138a4c Thread C:\Windows\System32\svchost.exe [628:2112] 000007fefb138a4c Thread C:\Windows\System32\svchost.exe [628:748] 000007fefb138a4c Thread C:\Windows\System32\svchost.exe [628:3980] 000007fefdaa276c Thread C:\Windows\System32\svchost.exe [628:3692] 000007fefb505000 Thread C:\Windows\System32\svchost.exe [628:3912] 000007fef5c362d0 Thread C:\Windows\System32\svchost.exe [628:2244] 000007feeeeb9bec Thread C:\Windows\System32\svchost.exe [628:4544] 000007fef8bd5c54 Thread C:\Windows\system32\svchost.exe [712:1504] 000007fefb088cdc Thread C:\Windows\system32\svchost.exe [712:2860] 000007fefb154298 Thread C:\Windows\system32\svchost.exe [712:2864] 000007fefb154f54 Thread C:\Windows\system32\svchost.exe [712:2868] 000007fefb154c48 Thread C:\Windows\system32\svchost.exe [712:2872] 000007fefb154c48 Thread C:\Windows\system32\svchost.exe [712:2876] 000007fefb154c48 Thread C:\Windows\system32\svchost.exe [712:2880] 000007fefb154c48 Thread C:\Windows\system32\svchost.exe [712:2136] 000007fef5e5e654 Thread C:\Windows\system32\svchost.exe [712:2436] 000007fef2ff8410 Thread C:\Windows\system32\svchost.exe [712:3056] 000007fef0c87ec0 Thread C:\Windows\system32\svchost.exe [712:1036] 000007fef046e438 Thread C:\Windows\system32\svchost.exe [712:2052] 000007fef08f6a48 Thread C:\Windows\system32\svchost.exe [712:2412] 000007fef04c4790 Thread C:\Windows\system32\svchost.exe [712:4152] 000007feef2a56a8 Thread C:\Windows\system32\svchost.exe [712:4160] 000007fefd9c1be8 Thread C:\Windows\system32\svchost.exe [712:4164] 000007fefd9c1be8 Thread C:\Windows\system32\svchost.exe [712:2748] 000007fefa8fd980 Thread C:\Windows\system32\svchost.exe [712:4280] 000007fefa8fcc80 Thread C:\Windows\system32\svchost.exe [712:4276] 000007fefa8fcc80 Thread C:\Windows\system32\svchost.exe [712:4260] 000007fefa8fcc80 Thread C:\Windows\system32\svchost.exe [712:4256] 000007fefa8fcc80 Thread C:\Windows\system32\svchost.exe [712:4560] 000007fefb505000 Thread C:\Windows\system32\svchost.exe [712:1832] 000007fefa8522f4 Thread C:\Windows\system32\svchost.exe [1156:1836] 000007fefaa1d69c Thread C:\Windows\system32\svchost.exe [1156:1840] 000007fefa9fe608 Thread C:\Windows\system32\svchost.exe [1156:1844] 000007fefa9fe608 Thread C:\Windows\system32\svchost.exe [1156:2220] 000007fef713b10c Thread C:\Windows\system32\svchost.exe [1156:1932] 000007fef2f99358 Thread C:\Windows\system32\svchost.exe [1156:1516] 000007fef2fa3820 Thread C:\Windows\system32\svchost.exe [1156:2524] 000007fef2fa60bc Thread C:\Windows\system32\svchost.exe [1156:3080] 000007feefc97ba4 Thread C:\Windows\system32\svchost.exe [1156:3088] 000007feefca19e0 Thread C:\Windows\system32\svchost.exe [1156:3320] 000007fef044af94 Thread C:\Windows\system32\svchost.exe [1156:3324] 000007fef044af94 Thread C:\Windows\system32\svchost.exe [1156:3328] 000007fef044af94 Thread C:\Windows\system32\svchost.exe [1156:3332] 000007fef044af94 Thread C:\Windows\system32\svchost.exe [1156:3336] 000007fefb505000 Thread C:\Windows\System32\spoolsv.exe [1600:2068] 000007fef9fe13dc Thread C:\Windows\System32\spoolsv.exe [1600:2072] 000007fef9fe12ac Thread C:\Windows\System32\spoolsv.exe [1600:2080] 000007fef9f51c00 Thread C:\Windows\System32\spoolsv.exe [1600:2084] 000007fef9f038a0 Thread C:\Windows\System32\spoolsv.exe [1600:2088] 000007fef9e1bd78 Thread C:\Windows\System32\spoolsv.exe [1600:2092] 000007fef9e1c4f8 Thread C:\Windows\System32\spoolsv.exe [1600:2096] 000007fef9e26844 Thread C:\Windows\System32\spoolsv.exe [1600:2104] 000007fefa08a704 Thread C:\Windows\system32\svchost.exe [1648:2960] 000007fef8cb7ef4 Thread C:\Windows\system32\svchost.exe [1648:2976] 000007fef8cae984 Thread C:\Windows\system32\svchost.exe [1648:2984] 000007fef8cae984 Thread C:\Windows\system32\svchost.exe [1648:2988] 000007fef8cae984 Thread C:\Windows\system32\svchost.exe [1648:2992] 000007fef8cae984 Thread C:\Windows\system32\svchost.exe [1648:2996] 000007fef8cae984 Thread C:\Windows\system32\svchost.exe [1648:4648] 000007fef8cbcab8 Thread C:\Windows\system32\svchost.exe [1648:5060] 000007fefb138a4c Thread C:\Windows\system32\svchost.exe [1648:2388] 000007fefb138a4c Thread C:\Windows\system32\svchost.exe [1648:4684] 000007fefb138a4c Thread C:\Windows\system32\svchost.exe [1648:1788] 000007fefb138a4c Thread C:\Windows\system32\svchost.exe [1648:4740] 000007fefb138a4c Thread C:\Windows\system32\svchost.exe [1648:4812] 000007fefb138a4c Thread C:\Windows\system32\svchost.exe [1648:2152] 000007fefb138a4c Thread C:\Windows\system32\svchost.exe [1648:4320] 000007fefb138a4c Thread C:\Windows\system32\svchost.exe [1648:5032] 000007fefb138a4c Thread C:\Windows\system32\svchost.exe [1648:4968] 000007fefb138a4c Thread C:\Windows\system32\taskeng.exe [1360:2268] 000007fef8a8a26c Thread C:\Program Files\Windows Defender\MSASCui.exe [2344:2760] 000007fef8836604 Thread C:\Program Files\Windows Defender\MSASCui.exe [2344:2768] 000007fef8842830 Thread C:\Program Files\Windows Defender\MSASCui.exe [2344:2780] 000007fef8848240 Thread C:\Windows\system32\SearchIndexer.exe [1348:3996] 000007feefde39f0 ---- Files - GMER 2.1 ---- File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\apu\apu0054.dat 100107 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\apu\apu0060.dat 100093 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\apu\apu0063.dat 100092 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\apu\apu0086.dat 100217 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\apu\apu0098.dat 100082 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\base1.keb 108643 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\base11.keb 1074 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\base12.keb 146728 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\base13.keb 345 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\data.check.keb 914 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\data.set.idn.keb 125 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\lexbase.keb 169435 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\lua.keb 539491 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\mcflt03.keb 21368 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\mcflt04.keb 387272 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\mcflt570.keb 5217 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\mcfltodt01.keb 106186 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\mcfltodt02.keb 101823 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\mcfltodt03.keb 104109 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\mcfltodt04.keb 65295 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\mcfltodt05.keb 55270 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\mcfltodt06.keb 108877 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\mcfltu.keb 1945 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\pas5-0607g.xml 5467 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\pas5.stt 20 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\as\pas5\upd_terms-full.keb 721842 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\wmuf 0 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\wmuf\wmuf-0607g.krg 4685 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\wmuf\wmuf-0607g.xml 23014 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\wmuf\wmuf.stt 22 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\wmuf\wmuf0070.dat 85292 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\wmuf\wmuf0079.dat 82283 bytes File C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\rollback\general\bases\wmuf\wmuf0130.dat 76804 bytes File C:\Users\Henio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JIG9YV43\fixitpc_pl[1].htm 0 bytes File C:\Users\Henio\AppData\Roaming\Microsoft\Windows\Cookies\Low\IB6HTK3M.txt 0 bytes ---- EOF - GMER 2.1 ----