GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-23 13:03:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PC4Z 465,76GB Running: qyrw2hqq.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\afrcaaoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\regsvr32.exe[3624] C:\windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007790000c 1 byte [C3] .text C:\Windows\SysWOW64\regsvr32.exe[3624] C:\windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007798f8ea 5 bytes JMP 000000017793d5c1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4820] C:\windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007790000c 1 byte [C3] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4820] C:\windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007798f8ea 5 bytes JMP 000000017793d5c1 .text C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe[5932] C:\windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007790000c 1 byte [C3] .text C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe[5932] C:\windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007798f8ea 5 bytes JMP 000000017793d5c1 .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007790000c 1 byte [C3] .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007798f8ea 5 bytes JMP 000000017793d5c1 .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075781401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075781419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075781431 2 bytes JMP 75e38ea9 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007578144a 2 bytes CALL 75d948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757814dd 2 bytes JMP 75e387a2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757814f5 2 bytes JMP 75e38978 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007578150d 2 bytes JMP 75e38698 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075781525 2 bytes JMP 75e38a62 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007578153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075781555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007578156d 2 bytes JMP 75e38f61 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075781585 2 bytes JMP 75e38ac2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007578159d 2 bytes JMP 75e3865c C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757815b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757815cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757816b2 2 bytes JMP 75e38e24 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe[2904] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757816bd 2 bytes JMP 75e385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007790000c 1 byte [C3] .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007798f8ea 5 bytes JMP 000000017793d5c1 .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075781401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075781419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075781431 2 bytes JMP 75e38ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007578144a 2 bytes CALL 75d948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757814dd 2 bytes JMP 75e387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757814f5 2 bytes JMP 75e38978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007578150d 2 bytes JMP 75e38698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075781525 2 bytes JMP 75e38a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007578153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075781555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007578156d 2 bytes JMP 75e38f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075781585 2 bytes JMP 75e38ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007578159d 2 bytes JMP 75e3865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757815b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757815cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757816b2 2 bytes JMP 75e38e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe[9772] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757816bd 2 bytes JMP 75e385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007790000c 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007798f8ea 5 bytes JMP 000000017793d5c1 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\user32.DLL!DrawTextExW 000000007532149e 6 bytes [68, 1C, B1, BB, 04, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\user32.DLL!DrawTextW 00000000753225cf 6 bytes [68, 4C, CE, BB, 04, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\user32.DLL!MessageBeep 000000007532c036 6 bytes [68, 04, 67, C0, 04, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075588760 6 bytes [68, 84, 0C, BC, 04, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 00000000755d8740 6 bytes [68, 6C, BC, BB, 04, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\ws2_32.dll!WSASend 00000000770a4406 6 bytes [68, 5C, 70, BB, 04, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\ws2_32.dll!send 00000000770a6f01 6 bytes [68, 0C, 65, BB, 04, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075781401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075781419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075781431 2 bytes JMP 75e38ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007578144a 2 bytes CALL 75d948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000757814dd 2 bytes JMP 75e387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000757814f5 2 bytes JMP 75e38978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007578150d 2 bytes JMP 75e38698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075781525 2 bytes JMP 75e38a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007578153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075781555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007578156d 2 bytes JMP 75e38f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075781585 2 bytes JMP 75e38ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007578159d 2 bytes JMP 75e3865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000757815b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000757815cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000757816b2 2 bytes JMP 75e38e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2072] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000757816bd 2 bytes JMP 75e385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007790000c 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007798f8ea 5 bytes JMP 000000017793d5c1 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\user32.DLL!DrawTextExW 000000007532149e 6 bytes [68, 1C, B1, 95, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\user32.DLL!DrawTextW 00000000753225cf 6 bytes [68, 4C, CE, 95, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\user32.DLL!MessageBeep 000000007532c036 6 bytes [68, 7C, 70, 9A, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075588760 6 bytes [68, 6C, BC, 95, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 00000000755d8740 6 bytes [68, 9C, 2C, 96, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\ws2_32.dll!WSASend 00000000770a4406 6 bytes [68, 5C, 70, 95, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\ws2_32.dll!send 00000000770a6f01 6 bytes [68, 0C, 65, 95, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075781401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075781419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075781431 2 bytes JMP 75e38ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007578144a 2 bytes CALL 75d948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000757814dd 2 bytes JMP 75e387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000757814f5 2 bytes JMP 75e38978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007578150d 2 bytes JMP 75e38698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075781525 2 bytes JMP 75e38a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007578153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075781555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007578156d 2 bytes JMP 75e38f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075781585 2 bytes JMP 75e38ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007578159d 2 bytes JMP 75e3865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000757815b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000757815cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000757816b2 2 bytes JMP 75e38e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000757816bd 2 bytes JMP 75e385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075781401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075781419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075781431 2 bytes JMP 75e38ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007578144a 2 bytes CALL 75d948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757814dd 2 bytes JMP 75e387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757814f5 2 bytes JMP 75e38978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007578150d 2 bytes JMP 75e38698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075781525 2 bytes JMP 75e38a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007578153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075781555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007578156d 2 bytes JMP 75e38f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075781585 2 bytes JMP 75e38ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007578159d 2 bytes JMP 75e3865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757815b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757815cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757816b2 2 bytes JMP 75e38e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4088] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757816bd 2 bytes JMP 75e385f1 C:\windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetModuleHandleA] [6f547473756a6441] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetProcAddress] [69766972506e656b] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!Sleep] [736567656c] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!VirtualAllocEx] [1] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!LoadLibraryA] [56656c6946746547] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!CreateFileW] [57657a69536f66] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetStringTypeW] [100000065] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!LCMapStringW] [6365447470797243] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetProcessHeap] [74707972] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetLastError] [53656c6946746547] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetFullPathNameA] [3431323900657a69] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetCommandLineA] [0] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetStartupInfoW] [6572617774666f53] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!UnhandledExceptionFilter] [736f7263694d5c5c] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!SetUnhandledExceptionFilter] [6e69575c5c74666f] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!IsDebuggerPresent] [75435c5c73776f64] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!RtlVirtualUnwind] [726556746e657272] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!RtlLookupFunctionEntry] [75525c5c6e6f6973] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!RtlCaptureContext] [646e65730000006e] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!TerminateProcess] [6464615f74656e69] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetCurrentProcess] [72] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetDriveTypeW] [65736f6c43676552] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!HeapFree] [6b636f730079654b] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!SetHandleCount] [7465] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetStdHandle] [766974614e746547] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!InitializeCriticalSectionAndSpinCount] [496d657473795365] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetFileType] [6f666e] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!SetFilePointer] [6c] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!RtlUnwindEx] [646e6957646e6946] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!MultiByteToWideChar] [7265746e696f] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!ReadFile] [41727453727453] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetModuleHandleW] [746547726578696d] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!WriteFile] [746e6f43656e694c] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetModuleFileNameW] [41736c6f72] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetModuleFileNameA] [6156746553676552] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!FreeEnvironmentStringsW] [57784565756c] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!WideCharToMultiByte] [7e6f6d556f64637d] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetEnvironmentStringsW] [636c557263647f55] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!FlsGetValue] [6f676b64556f66] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!FlsSetValue] [6c6f467465474853] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!FlsFree] [5768746150726564] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!SetLastError] [0] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetCurrentThreadId] [6854657461657243] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!FlsAlloc] [64616572] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!HeapSetInformation] [6e61656c43415357] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetVersion] [7075] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!HeapCreate] [6f646e6957746547] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!QueryPerformanceCounter] [41676e6f4c77] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetTickCount] [6574754d6e65704f] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetCurrentProcessId] [5778] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetSystemTimeAsFileTime] [636f7365736f6c63] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetCurrentDirectoryW] [65656c530074656b] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!SetStdHandle] [7365447470797243] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetConsoleCP] [68736148796f7274] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetConsoleMode] [0] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!CloseHandle] [2466666e6f636879] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!CreateFileA] [766365720066666e] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!FlushFileBuffers] [0] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetCPInfo] [620061006e0045] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetACP] [2000730065006c] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!GetOEMCP] [20006500680074] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!IsValidCodePage] [65007400650064] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!LoadLibraryW] [6f006900740063] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!WriteConsoleW] [6c006e0077006f] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[KERNEL32.dll!SetEndOfFile] [2000640061006f] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[SETUPAPI.dll!SetupGetSourceInfoA] [740073006e0069] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[SETUPAPI.dll!SetupInstallFileA] [61006c006c0061] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[SETUPAPI.dll!SetupSetDirectoryIdW] [6e006f00690074] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[SETUPAPI.dll!SetupDiUnremoveDevice] [200066006f0020] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[SETUPAPI.dll!SetupQuerySourceListA] [61006400700075] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[SETUPAPI.dll!SetupQueueDefaultCopyA] [20007300650074] IAT C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[3460] @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe[SETUPAPI.dll!SetupCopyErrorA] [200072006f0066] IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7feef8fd8e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7feef9263e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7feef8fd8e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\ole32.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7feef926300] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2068] @ C:\windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7feef8fd8e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7feef9263e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7feef8fd8e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\ole32.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7feef926300] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7feef926300] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7feef927160] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\System32\Wpc.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\System32\wevtapi.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7feef9264e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7feef8e2090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7feef926a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[12716] @ C:\windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7feef8e1800] C:\Program Files\Internet Explorer\IEShims.dll ---- Threads - GMER 2.1 ---- Thread C:\windows\system32\svchost.exe [732:780] 000007fefc76332c Thread C:\windows\system32\svchost.exe [732:784] 000007fefc7610b0 Thread C:\windows\system32\svchost.exe [328:7312] 000007feeae46ed4 Thread C:\windows\system32\svchost.exe [328:7316] 000007feeae46b8c Thread C:\windows\system32\svchost.exe [492:2264] 000007fef8f084d8 Thread C:\windows\system32\svchost.exe [492:2348] 000007fef8ec23a8 Thread C:\windows\system32\svchost.exe [492:2360] 000007fef8f40d00 Thread C:\windows\system32\svchost.exe [492:2364] 000007fef8789498 Thread C:\windows\system32\svchost.exe [492:6844] 000007feea1e1ab0 Thread C:\windows\system32\svchost.exe [492:1952] 000007feeb0b506c Thread C:\windows\system32\svchost.exe [492:2564] 000007fef7c21c20 Thread C:\windows\system32\svchost.exe [492:2440] 000007fef7c21c20 Thread C:\windows\system32\svchost.exe [492:6588] 000007fef95c5124 Thread C:\windows\system32\svchost.exe [492:10516] 000007fef8bb17f8 Thread C:\windows\system32\svchost.exe [492:10644] 000007fef8bb17f8 Thread C:\windows\system32\svchost.exe [492:13440] 000007fee232e1c4 Thread C:\windows\system32\svchost.exe [492:13588] 000007fef8bb17f8 Thread C:\windows\system32\svchost.exe [1100:1972] 000007fef971bd70 Thread C:\windows\system32\svchost.exe [1100:2172] 000007fef92483d8 Thread C:\windows\system32\svchost.exe [1100:2180] 000007fef92483d8 Thread C:\windows\system32\svchost.exe [1100:2184] 000007fef92483d8 Thread C:\windows\system32\svchost.exe [1100:2188] 000007fef92483d8 Thread C:\windows\system32\svchost.exe [1100:2324] 000007fef8d53f1c Thread C:\windows\system32\svchost.exe [1100:2328] 000007fef8d21a38 Thread C:\windows\system32\svchost.exe [1100:2336] 000007fef87e5388 Thread C:\windows\system32\svchost.exe [1100:2340] 000007fef87c7738 Thread C:\windows\system32\svchost.exe [1100:2344] 000007fef87b1f90 Thread C:\windows\system32\svchost.exe [1100:2376] 000007fef8955170 Thread C:\windows\system32\svchost.exe [1100:8684] 000007fef95c5124 Thread C:\windows\System32\spoolsv.exe [1332:2576] 000007fef7d310c8 Thread C:\windows\System32\spoolsv.exe [1332:2612] 000007fef7cf6144 Thread C:\windows\System32\spoolsv.exe [1332:2616] 000007fef8525fd0 Thread C:\windows\System32\spoolsv.exe [1332:2620] 000007fef8513438 Thread C:\windows\System32\spoolsv.exe [1332:2624] 000007fef85263ec Thread C:\windows\System32\spoolsv.exe [1332:2632] 000007fef7dc5e5c Thread C:\windows\System32\spoolsv.exe [1332:2636] 000007fef7df5074 Thread C:\windows\System32\spoolsv.exe [1332:2896] 000007fef7e62288 Thread C:\windows\System32\spoolsv.exe [1332:2928] 000007fef7d88760 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:1920] 0000000077943e85 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:1940] 0000000077942e65 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:1928] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2024] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2052] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2060] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2064] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2084] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2088] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2092] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2096] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2100] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2112] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2116] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2120] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2804] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2808] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2812] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2820] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2824] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2828] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2832] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2836] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2860] 0000000077943e85 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:2864] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:10660] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:13056] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:9984] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:13008] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:13040] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:1980] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:8136] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:12860] 0000000071c229e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1872:12680] 0000000071c229e1 Thread C:\windows\system32\taskhost.exe [3060:3240] 000007fef7201f38 Thread C:\windows\system32\taskhost.exe [3060:3264] 000007fef71a3d18 Thread C:\windows\system32\taskhost.exe [3060:3292] 000007fef7212740 Thread C:\windows\system32\taskhost.exe [3060:3332] 000007fefabd1010 Thread C:\windows\system32\taskhost.exe [3060:4332] 000007fef8955170 Thread C:\windows\system32\svchost.exe [1588:3104] 000007fef7342f9c Thread C:\Windows\System32\StikyNot.exe [3288:3416] 000007fefdc26e60 Thread C:\Windows\System32\StikyNot.exe [3288:3276] 000007fefad82bf8 Thread C:\Windows\System32\StikyNot.exe [3288:4176] 000007fefdc26e60 Thread C:\Windows\System32\StikyNot.exe [3288:4180] 000007fefdc26e60 Thread C:\Windows\System32\StikyNot.exe [3288:4184] 000007fefdc26e60 Thread C:\Windows\SysWOW64\regsvr32.exe [3624:4576] 000000006cee9ee9 Thread C:\windows\SysWOW64\regsvr32.exe [3312:4596] 000000006cee2f08 Thread C:\windows\SysWOW64\regsvr32.exe [3312:4604] 000000006cee2f08 Thread C:\windows\SysWOW64\regsvr32.exe [3312:4608] 000000006cee2f08 Thread C:\windows\system32\svchost.exe [6656:6804] 000007fef8525fd0 Thread C:\windows\system32\svchost.exe [6656:6808] 000007fef85263ec Thread C:\windows\system32\svchost.exe [6656:8600] 000007fee9448470 Thread C:\windows\system32\svchost.exe [6656:8680] 000007fee9452418 Thread C:\Program Files\Rainmeter\Rainmeter.exe [1520:5972] 000007fefad82bf8 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2072:3924] 000000006cee2f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2072:7812] 000000006cee2f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2072:7568] 000000006cee2f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2072:10856] 000000006cee2f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11804:11940] 000000006cee2f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11804:7192] 000000006cee2f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11804:13232] 000000006cee2f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11804:3112] 000000006cee2f08 Thread C:\Program Files\Internet Explorer\iexplore.exe [13584:12708] 00000000059b2160 Thread C:\Program Files\Internet Explorer\iexplore.exe [13584:3036] 00000000059b2190 Thread C:\Program Files\Internet Explorer\iexplore.exe [12276:13248] 0000000005512160 Thread C:\Program Files\Internet Explorer\iexplore.exe [12276:13052] 0000000005512190 Thread C:\Program Files\Internet Explorer\iexplore.exe [14184:13156] 0000000005052160 Thread C:\Program Files\Internet Explorer\iexplore.exe [14184:12524] 0000000005052190 Thread C:\Program Files\Internet Explorer\iexplore.exe [13808:12932] 0000000004ba2160 Thread C:\Program Files\Internet Explorer\iexplore.exe [13808:11580] 0000000004ba2190 Thread C:\Program Files\Internet Explorer\iexplore.exe [13388:14088] 0000000005562160 Thread C:\Program Files\Internet Explorer\iexplore.exe [13388:3188] 0000000005562190 ---- Processes - GMER 2.1 ---- Library C:\Users\Kuba\AppData\Local\Ocpics\DataCD.dll (*** suspicious ***) @ C:\Windows\SysWOW64\regsvr32.exe [3624](2015-02-21 10:29:22) 0000000010000000 Process C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe (*** suspicious ***) @ C:\Users\Kuba\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe [3460](2015-02-21 10:20:48) 0000000140000000 Process C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\IEUpdate\wecutil.exe (*** suspicious ***) @ C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\IEUpdate\wecutil.exe [3020](2014-04-09 15:00:47) 000000013fc70000 Library C:\Users\Kuba\AppData\Local\Oprzics\ASMga215A.dll (*** suspicious ***) @ C:\windows\SysWOW64\regsvr32.exe [3312](2015-02-21 20:44:22) 0000000010000000 Library C:\Users\Kuba\AppData\Local\Oprzics\ASMga215A.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [4820](2015-02-21 20:44:22) 0000000010000000 Library C:\Users\Kuba\AppData\Local\Oprzics\ASMga215A.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [5080](2015-02-21 20:44:22) 0000000010000000 Library C:\Users\Kuba\AppData\Local\Oprzics\ASMga215A.dll (*** suspicious ***) @ C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe [5932](2 0000000010000000 Process C:\Users\Kuba\AppData\Local\Ocpics\tmpF3F4.exe (*** suspicious ***) @ C:\Users\Kuba\AppData\Local\Ocpics\tmpF3F4.exe [6504] (Keeper Keys/The Eraser Project )(2015-02-17 14:32:05) 0000000000400000 Library C:\Users\Kuba\AppData\Local\Oprzics\ASMga215A.dll (*** suspicious ***) @ C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe [2904](2015-02-21 20:44:22) 0000000010000000 Library C:\Users\Kuba\AppData\Local\Oprzics\ASMga215A.dll (*** suspicious ***) @ C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe [9772](2015-02-21 20:44:22) 0000000010000000 Library C:\Users\Kuba\AppData\Local\Oprzics\ASMga215A.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2072](2015-02-21 20:44:22) 0000000002710000 Library C:\Users\Kuba\AppData\Local\Oprzics\ASMga215A.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11804](2015-02-21 20:44:22) 0000000002d00000 Process C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\IEUpdate\wecutil.exe (*** suspicious ***) @ C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\IEUpdate\wecutil.exe [3780](2014-04-09 15:00:47) 000000013fc70000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46af4d8fb Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46af4d8fb (not active ControlSet) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat@CachePath %USERPROFILE%\AppData\Local\Temp\vLIsVAWrP0y8kofjGCU\AppData\Roaming\Microsoft\Windows\IECompatCache ---- Files - GMER 2.1 ---- File C:\Users\Kuba\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9E524E18-BB51-11E4-B4D2-18F46AF4D8FB}.dat 5632 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9E524E1A-BB51-11E4-B4D2-18F46AF4D8FB}.dat 9728 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\DXI1ORHCpsQm3Vp6mXoaTRa1RVmPjeKy21_GQJaLlJIX4O4GH2B.woff 33728 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\fVTI0ASD4.txt 42922 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\faviconVB14K4O4.ico 5430 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\faviconB22ZBTG0.ico 5430 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=ACT90oGqCNUvMO5wMocC0nPTaiiUPLjzPgVPCM6JNC.js 93337 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\jquery.minPCEIMT0D.js 95786 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\privacyMF9J1SWS.htm 50310 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\YJM4442K.htm 108743 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\f1D6YM6DK.txt 42922 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=AItRSTOD1wLzpOwt8JiW-5h1MZj3-r2s9QWPB8U0UR.js 26696 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\iecompatviewlist5OZVL5U5.xml 518618 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\fKPFV1W57.txt 42922 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=ACT90oGqCNUvMO5wMocC0nPTaiiUPLjzPg12L1QCDN.js 93337 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\faviconPCMFN1BH.ico 5430 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=AItRSTOD1wLzpOwt8JiW-5h1MZj3-r2s9QZKGS0RJJ.js 167124 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\faviconIP3EF0NX.ico 5430 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\cb=gapiJ3IAJ3Q7.js 140553 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\cb=gapiK8N8NSMQ.js 140553 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\iecompatviewlistL0WARTK5.xml 518618 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\iecompatviewlistEI16LO3J.xml 518618 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=AItRSTOD1wLzpOwt8JiW-5h1MZj3-r2s9QD2WVZUJU.js 167124 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\jquery.minO9ZZJALX.js 95786 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=AItRSTOD1wLzpOwt8JiW-5h1MZj3-r2s9QRR0WKG07.js 26696 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\73XSG3S0.htm 107166 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\cb=gapiAKXO7KBO.js 140553 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\gaV19MUB33.js 40916 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=AItRSTOD1wLzpOwt8JiW-5h1MZj3-r2s9QO5HNR4LH.js 26696 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\jquery.minBD8FR233.js 95786 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\u-WUoqrET9fUeobQW7jkRT8E0i7KZn-EPnyo3HZu7kw4BKSY98M.woff 33088 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=AItRSTOD1wLzpOwt8JiW-5h1MZj3-r2s9QG966YNTA.js 26696 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\k3k702ZOKiLJc3WVjuplzBa1RVmPjeKy21_GQJaLlJIIK4RL5TL.woff 33852 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=ACT90oGqCNUvMO5wMocC0nPTaiiUPLjzPg09F5DCXJ.js 350725 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=ACT90oGqCNUvMO5wMocC0nPTaiiUPLjzPg8BHNHCPP.js 350725 bytes File C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF3IZSM\rs=ACT90oGqCNUvMO5wMocC0nPTaiiUPLjzPg8RIXD2RW.js 93337 bytes ---- EOF - GMER 2.1 ----