GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-28 21:24:24 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322HJ rev.1AC01118 Running: yokgcomr.exe; Driver: C:\Users\Szef\AppData\Local\Temp\aflcraob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F2379CA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8FF06A68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F239EAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F239F04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F23A01A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F239E02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8F239F54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F239E56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F239FC8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F2379EE] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8FF06B18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8F2377B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F237A12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F23A412] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F2384AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F239EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F239F2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F23A044] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F239E2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F239F94] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F239E84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F239FF2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8FF06BB0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F238370] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F237A36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F237A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F237812] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F23794E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F23792A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F237972] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F237A7E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FF1B8DE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A5A589 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7F092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 82A86824 4 Bytes [CA, 79, 23, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 23C 82A8684C 4 Bytes [68, 6A, F0, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82A86900 8 Bytes [AC, 9E, 23, 8F, 04, 9F, 23, ...] {LODSB ; SAHF ; AND ECX, [EDI-0x70dc60fc]} .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82A8690C 4 Bytes [1A, A0, 23, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 318 82A86928 4 Bytes [02, 9E, 23, 8F] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C202CB 5 Bytes JMP 8FF1729E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 82C3A003 5 Bytes JMP 8FF18D50 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82C845CA 4 Bytes CALL 8F238E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82C8C6A5 4 Bytes CALL 8F238E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82CF22F4 7 Bytes JMP 8FF1B8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90413000, 0x2D5378, 0xE8000020] .text user32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 001A0120 .text user32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 001A006C .text user32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001A00E4 .text user32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 001A0030 .text user32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001A00A8 ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\wininit.exe[464] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0003006C .text C:\Windows\system32\wininit.exe[464] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00030030 .text C:\Windows\system32\wininit.exe[464] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 000C0120 .text C:\Windows\system32\wininit.exe[464] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 000C006C .text C:\Windows\system32\wininit.exe[464] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 000C00E4 .text C:\Windows\system32\wininit.exe[464] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 000C0030 .text C:\Windows\system32\wininit.exe[464] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 000C00A8 .text C:\Windows\system32\services.exe[512] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 000A006C .text C:\Windows\system32\services.exe[512] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 000A0030 .text C:\Windows\system32\lsass.exe[528] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\lsass.exe[528] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\lsass.exe[528] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00240120 .text C:\Windows\system32\lsass.exe[528] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0024006C .text C:\Windows\system32\lsass.exe[528] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 002400E4 .text C:\Windows\system32\lsass.exe[528] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00240030 .text 
C:\Windows\system32\lsass.exe[528] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 002400A8 .text C:\Windows\system32\lsm.exe[536] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\lsm.exe[536] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\winlogon.exe[600] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0003006C .text C:\Windows\system32\winlogon.exe[600] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00030030 .text C:\Windows\system32\winlogon.exe[600] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 000C0120 .text C:\Windows\system32\winlogon.exe[600] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 000C006C .text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 000C00E4 .text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 000C0030 .text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 000C00A8 .text C:\Windows\system32\svchost.exe[704] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[704] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[796] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[796] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\atiesrxx.exe[848] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0016006C .text C:\Windows\system32\atiesrxx.exe[848] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00160030 .text C:\Windows\system32\atiesrxx.exe[848] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 001F0120 .text C:\Windows\system32\atiesrxx.exe[848] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 001F006C .text C:\Windows\system32\atiesrxx.exe[848] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001F00E4 .text C:\Windows\system32\atiesrxx.exe[848] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 001F0030 .text 
C:\Windows\system32\atiesrxx.exe[848] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001F00A8 .text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\System32\svchost.exe[924] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00300120 .text C:\Windows\System32\svchost.exe[924] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0030006C .text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 003000E4 .text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00300030 .text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 003000A8 .text C:\Windows\System32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\System32\svchost.exe[976] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00460120 .text C:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0046006C .text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 004600E4 .text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00460030 .text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 004600A8 .text C:\Windows\system32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00A70120 .text C:\Windows\system32\svchost.exe[1016] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 00A7006C .text C:\Windows\system32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 00A700E4 .text 
C:\Windows\system32\svchost.exe[1016] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00A70030 .text C:\Windows\system32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 00A700A8 .text C:\Windows\system32\WUDFHost.exe[1100] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\WUDFHost.exe[1100] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\WUDFHost.exe[1100] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00110120 .text C:\Windows\system32\WUDFHost.exe[1100] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0011006C .text C:\Windows\system32\WUDFHost.exe[1100] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001100E4 .text C:\Windows\system32\WUDFHost.exe[1100] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00110030 .text C:\Windows\system32\WUDFHost.exe[1100] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001100A8 .text C:\Windows\system32\svchost.exe[1212] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1212] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00910120 .text C:\Windows\system32\svchost.exe[1212] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0091006C .text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 009100E4 .text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00910030 .text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 009100A8 .text C:\Windows\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1392] kernel32.dll!SetUnhandledExceptionFilter 77953162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text 
C:\Windows\System32\spoolsv.exe[1684] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 000B006C .text C:\Windows\System32\spoolsv.exe[1684] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 000B0030 .text C:\Windows\System32\spoolsv.exe[1684] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00190120 .text C:\Windows\System32\spoolsv.exe[1684] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0019006C .text C:\Windows\System32\spoolsv.exe[1684] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001900E4 .text C:\Windows\System32\spoolsv.exe[1684] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00190030 .text C:\Windows\System32\spoolsv.exe[1684] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001900A8 .text C:\Windows\system32\svchost.exe[1712] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1712] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1712] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 004F0120 .text C:\Windows\system32\svchost.exe[1712] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 004F006C .text C:\Windows\system32\svchost.exe[1712] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 004F00E4 .text C:\Windows\system32\svchost.exe[1712] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 004F0030 .text C:\Windows\system32\svchost.exe[1712] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 004F00A8 .text C:\Windows\system32\svchost.exe[1812] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1812] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1812] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00A60120 .text C:\Windows\system32\svchost.exe[1812] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 00A6006C .text C:\Windows\system32\svchost.exe[1812] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 00A600E4 .text C:\Windows\system32\svchost.exe[1812] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 
00A60030 .text C:\Windows\system32\svchost.exe[1812] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 00A600A8 .text C:\Windows\system32\vssvc.exe[2104] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\vssvc.exe[2104] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\vssvc.exe[2104] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00100120 .text C:\Windows\system32\vssvc.exe[2104] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0010006C .text C:\Windows\system32\vssvc.exe[2104] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001000E4 .text C:\Windows\system32\vssvc.exe[2104] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00100030 .text C:\Windows\system32\vssvc.exe[2104] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001000A8 .text C:\Windows\System32\svchost.exe[2152] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 000A006C .text C:\Windows\System32\svchost.exe[2152] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 000A0030 .text C:\Windows\system32\LogonUI.exe[2208] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\LogonUI.exe[2208] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\LogonUI.exe[2208] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 000F0120 .text C:\Windows\system32\LogonUI.exe[2208] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 000F006C .text C:\Windows\system32\LogonUI.exe[2208] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 000F00E4 .text C:\Windows\system32\LogonUI.exe[2208] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 000F0030 .text C:\Windows\system32\LogonUI.exe[2208] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 000F00A8 .text C:\Windows\system32\atieclxx.exe[2248] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0016006C .text C:\Windows\system32\atieclxx.exe[2248] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00160030 .text C:\Windows\system32\atieclxx.exe[2248] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 001F0120 
.text C:\Windows\system32\atieclxx.exe[2248] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 001F006C .text C:\Windows\system32\atieclxx.exe[2248] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001F00E4 .text C:\Windows\system32\atieclxx.exe[2248] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 001F0030 .text C:\Windows\system32\atieclxx.exe[2248] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001F00A8 .text C:\Users\Szef\Downloads\yokgcomr.exe[2340] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0016006C .text C:\Users\Szef\Downloads\yokgcomr.exe[2340] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00160030 .text C:\Users\Szef\Downloads\yokgcomr.exe[2340] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 001A0120 .text C:\Users\Szef\Downloads\yokgcomr.exe[2340] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 001A006C .text C:\Users\Szef\Downloads\yokgcomr.exe[2340] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001A00E4 .text C:\Users\Szef\Downloads\yokgcomr.exe[2340] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 001A0030 .text C:\Users\Szef\Downloads\yokgcomr.exe[2340] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001A00A8 .text C:\Windows\system32\taskhost.exe[2384] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0005006C .text C:\Windows\system32\taskhost.exe[2384] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00050030 .text C:\Windows\system32\taskhost.exe[2384] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00070120 .text C:\Windows\system32\taskhost.exe[2384] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0007006C .text C:\Windows\system32\taskhost.exe[2384] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 000700E4 .text C:\Windows\system32\taskhost.exe[2384] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00070030 .text C:\Windows\system32\taskhost.exe[2384] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 000700A8 .text C:\Windows\system32\Dwm.exe[2456] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\Dwm.exe[2456] 
ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\Dwm.exe[2456] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 000F0120 .text C:\Windows\system32\Dwm.exe[2456] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 000F006C .text C:\Windows\system32\Dwm.exe[2456] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 000F00E4 .text C:\Windows\system32\Dwm.exe[2456] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 000F0030 .text C:\Windows\system32\Dwm.exe[2456] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 000F00A8 .text C:\Windows\Explorer.EXE[2500] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\Explorer.EXE[2500] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\Explorer.EXE[2500] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00110120 .text C:\Windows\Explorer.EXE[2500] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0011006C .text C:\Windows\Explorer.EXE[2500] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001100E4 .text C:\Windows\Explorer.EXE[2500] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00110030 .text C:\Windows\Explorer.EXE[2500] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001100A8 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2792] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Program Files\Gadu-Gadu 10\gg.exe[2792] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2792] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 02170120 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2792] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0217006C .text C:\Program Files\Gadu-Gadu 10\gg.exe[2792] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 021700E4 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2792] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 02170030 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2792] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 021700A8 .text C:\Program Files\uTorrent\uTorrent.exe[2808] 
ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0034006C .text C:\Program Files\uTorrent\uTorrent.exe[2808] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00340030 .text C:\Program Files\uTorrent\uTorrent.exe[2808] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 003E0120 .text C:\Program Files\uTorrent\uTorrent.exe[2808] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 003E006C .text C:\Program Files\uTorrent\uTorrent.exe[2808] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 003E00E4 .text C:\Program Files\uTorrent\uTorrent.exe[2808] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 003E0030 .text C:\Program Files\uTorrent\uTorrent.exe[2808] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 003E00A8 .text C:\Windows\system32\SearchIndexer.exe[3024] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\SearchIndexer.exe[3024] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\SearchIndexer.exe[3024] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00090120 .text C:\Windows\system32\SearchIndexer.exe[3024] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0009006C .text C:\Windows\system32\SearchIndexer.exe[3024] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 000900E4 .text C:\Windows\system32\SearchIndexer.exe[3024] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00090030 .text C:\Windows\system32\SearchIndexer.exe[3024] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 000900A8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3212] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3212] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3212] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00100120 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3212] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0010006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3212] 
USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001000E4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3212] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00100030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3212] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001000A8 .text C:\Windows\System32\svchost.exe[3500] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\System32\svchost.exe[3500] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\System32\svchost.exe[3500] user32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00490120 .text C:\Windows\System32\svchost.exe[3500] user32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0049006C .text C:\Windows\System32\svchost.exe[3500] user32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 004900E4 .text C:\Windows\System32\svchost.exe[3500] user32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00490030 .text C:\Windows\System32\svchost.exe[3500] user32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 004900A8 .text C:\Windows\system32\SearchProtocolHost.exe[3560] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0005006C .text C:\Windows\system32\SearchProtocolHost.exe[3560] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00050030 .text C:\Windows\system32\SearchProtocolHost.exe[3560] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00080120 .text C:\Windows\system32\SearchProtocolHost.exe[3560] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0008006C .text C:\Windows\system32\SearchProtocolHost.exe[3560] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 000800E4 .text C:\Windows\system32\SearchProtocolHost.exe[3560] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00080030 .text C:\Windows\system32\SearchProtocolHost.exe[3560] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 000800A8 .text C:\Windows\system32\SearchFilterHost.exe[3612] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\SearchFilterHost.exe[3612] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 
.text C:\Windows\system32\SearchFilterHost.exe[3612] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00110120 .text C:\Windows\system32\SearchFilterHost.exe[3612] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0011006C .text C:\Windows\system32\SearchFilterHost.exe[3612] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001100E4 .text C:\Windows\system32\SearchFilterHost.exe[3612] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00110030 .text C:\Windows\system32\SearchFilterHost.exe[3612] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001100A8 .text C:\Windows\system32\wbem\wmiprvse.exe[3668] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\wbem\wmiprvse.exe[3668] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\wbem\wmiprvse.exe[3668] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00100120 .text C:\Windows\system32\wbem\wmiprvse.exe[3668] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0010006C .text C:\Windows\system32\wbem\wmiprvse.exe[3668] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001000E4 .text C:\Windows\system32\wbem\wmiprvse.exe[3668] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00100030 .text C:\Windows\system32\wbem\wmiprvse.exe[3668] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001000A8 .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!LdrUnloadDll 7780BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!LdrLoadDll 7780F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\wbem\wmiprvse.exe[3756] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 00140120 .text C:\Windows\system32\wbem\wmiprvse.exe[3756] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 0014006C .text C:\Windows\system32\wbem\wmiprvse.exe[3756] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 001400E4 .text C:\Windows\system32\wbem\wmiprvse.exe[3756] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 00140030 .text C:\Windows\system32\wbem\wmiprvse.exe[3756] 
USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 001400A8 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74582494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74565624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7458250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74578573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74574D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745751A3] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74578819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7457907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7457E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74574C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0x31 0xCE 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0x31 0xCE 0xCB ...

---- Files - GMER 1.0.15 ----

File C:\Users\Szef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21EX5VW2\hero[1].txt 2864 bytes
File C:\Users\Szef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPY31NPF\common_func[4].js 33433 bytes
File C:\Users\Szef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPY31NPF\launch-notice[1].txt 10689 bytes
File C:\Users\Szef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCZMZF35\common_func_ci[1].js 7076 bytes

---- EOF - GMER 1.0.15 ----