GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-13 14:38:42 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZEX-00RKKA0 rev.80.00A80 931,51GB Running: hpm9rgk3.exe; Driver: C:\Users\Bartek\AppData\Local\Temp\kwrdipob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x918E6F80] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x918E7040] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x918E7000] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x918E6FC0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82E8F339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82ECFEF8 4 Bytes [80, 6F, 8E, 91] {SUB BYTE [EDI-0x72], 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82ED0008 4 Bytes [40, 70, 8E, 91] {INC EAX; JO 0xffffff91; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 161F 82ED0314 4 Bytes [00, 70, 8E, 91] {ADD [EAX-0x72], DH; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82ED035C 4 Bytes [C0, 6F, 8E, 91] {SHR BYTE [EDI-0x72], 0x91} .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8C58EB2E] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C28000, 0x147F58, 0xE8000020] ? C:\Program Files\kprocesshacker.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1984] ntdll.dll!LdrLoadDll 779622B8 5 Bytes JMP 6E918F8C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1984] kernel32.dll!RegCloseKey + 102 7723CC51 7 Bytes JMP 561DE4AF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1984] kernel32.dll!GetSystemTime + B 7723CEE3 7 Bytes JMP 561DE3C4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1984] USER32.dll!GetWindowInfo 76E86A82 5 Bytes JMP 561DEFE6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1984] USER32.dll!MenuItemFromPoint + F 76EA4B36 7 Bytes JMP 561DD558 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\msiexec.exe[2380] ntdll.dll!NtMapViewOfSection 77945C28 5 Bytes JMP 7FF938B1 .text C:\Windows\system32\msiexec.exe[2380] ws2_32.dll!GetAddrInfoW 77414889 5 Bytes JMP 7FF943BD .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!NtCreateFile 779455C8 5 Bytes JMP 5529858B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!NtFlushBuffersFile 77945958 5 Bytes JMP 552982CB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!NtQueryFullAttributesFile 77945FE8 5 Bytes JMP 55298403 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!NtReadFile 779462B8 5 Bytes JMP 55298305 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!NtReadFileScatter 779462C8 5 Bytes JMP 5588D167 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!NtWriteFile 77946A68 5 Bytes JMP 5529872F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!NtWriteFileGather 77946A78 5 Bytes JMP 5588D1B7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!LdrLoadDll 779622B8 5 Bytes JMP 6E918F8C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 77238996 7 Bytes JMP 55874A22 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] kernel32.dll!GetEnvironmentStringsA + 11 77242FB1 7 Bytes JMP 55875B9E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] kernel32.dll!BaseThreadInitThunk + C9 77243CFC 7 Bytes JMP 555FC75E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] USER32.dll!GetWindowInfo 76E86A82 5 Bytes JMP 562FCEEB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2720] GDI32.dll!GetViewportOrgEx + 26C 76A2884B 7 Bytes JMP 558741B3 C:\Program Files\Mozilla Firefox\xul.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [745E2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [745C5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [745C56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [745E24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [745D8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [745D4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [745D506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [745D5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745D6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [745D826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [745D87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [745D901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [745DE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\explorer.exe[1424] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [745D4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745E2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745C5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745C56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745E24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745D8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745D4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745D506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745D5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745D6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745D826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745D87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745D901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745DE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll IAT C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745D4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 858E31E8 Device \FileSystem\fastfat \FatCdrom 87BCA1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7A6D7C9B-38DC-40FE-8369-CE2F401DAB37} 8696D1E8 Device \Driver\usbehci \Device\USBPDO-0 86C221E8 Device \Driver\usbehci \Device\USBPDO-1 86C221E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 858DF1E8 Device \Driver\atapi \Device\Ide\IdePort0 858DF1E8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 858E01E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8696D1E8 Device \Driver\usbehci \Device\USBFDO-0 86C221E8 Device \Driver\usbehci \Device\USBFDO-1 86C221E8 Device \Driver\USBSTOR \Device\0000007b 876401E8 Device \Driver\USBSTOR \Device\0000007c 876401E8 Device \FileSystem\fastfat \Fat 87BCA1E8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x858df1e8]<< 858df1e8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86744a58] 86744a58 Trace 3 CLASSPNP.SYS[8cd0259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8663c908] 8663c908 Trace \Driver\atapi[0x86634f38] -> IRP_MJ_CREATE -> 0x858df1e8 858df1e8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0xA4 0xE1 0x25 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0xA4 0xE1 0x25 ... ---- Files - GMER 2.1 ---- File C:\Users\Bartek\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAflBMVEVNZplMZ6BGYpxHY52KncVkfrJXcqlac6ZZdKpedqhcdq1AXJc9WZFCXpllfKtfeK5RbKXo7fjg5vVug6z\2+PxieqxpgbZAWYvO2fDL1u\S2eXU3fHd5PTD0Ozu8vpuhLM\V4l8kb68x92rt86Wp8tRapx4j71edJ+6w9X 0 bytes File C:\Users\Bartek\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAflBMVEVNZplMZ6BGYpxHY52KncVkfrJXcqlac6ZZdKpedqhcdq1AXJc9WZFCXpllfKtfeK5RbKXo7fjg5vVug6z\2+PxieqxpgbZAWYvO2fDL1u\S2eXU3fHd5PTD0Ozu8vpuhLM\V4l8kb68x92rt86Wp8tRapx4j71edJ+6w9X\pDG9AAABY0lEQVQ4jYWT2VaDMBRFgUgK1BAqLaA4pFSp 0 bytes File C:\Users\Bartek\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAflBMVEVNZplMZ6BGYpxHY52KncVkfrJXcqlac6ZZdKpedqhcdq1AXJc9WZFCXpllfKtfeK5RbKXo7fjg5vVug6z\2+PxieqxpgbZAWYvO2fDL1u\S2eXU3fHd5PTD0Ozu8vpuhLM\V4l8kb68x92rt86Wp8tRapx4j71edJ+6w9X\pDG9AAABY0lEQVQ4jYWT2VaDMBRFgUgK1BAqLaA4pFSp\v8Pes69DJW1utwkudNueCnRsa+ju9T9Meqj8HCXgHEdhjYlbYuoqYa2DUPA9UNop75E1dSFgfcM6RY 0 bytes File C:\Users\Bartek\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAflBMVEVNZplMZ6BGYpxHY52KncVkfrJXcqlac6ZZdKpedqhcdq1AXJc9WZFCXpllfKtfeK5RbKXo7fjg5vVug6z\2+PxieqxpgbZAWYvO2fDL1u\S2eXU3fHd5PTD0Ozu8vpuhLM\V4l8kb68x92rt86Wp8tRapx4j71edJ+6w9X\pDG9AAABY0lEQVQ4jYWT2VaDMBRFgUgK1BAqLaA4pFSp\v8Pes69DJW1utwkudNueCnRsa+ju9T9Meqj8HCXgHEdhjYlbYuoqYa2DUPA9UNop75E1dSFgfcM6RY\Rh0ephSunj1u73V 0 bytes File C:\Users\Bartek\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAflBMVEVNZplMZ6BGYpxHY52KncVkfrJXcqlac6ZZdKpedqhcdq1AXJc9WZFCXpllfKtfeK5RbKXo7fjg5vVug6z\2+PxieqxpgbZAWYvO2fDL1u\S2eXU3fHd5PTD0Ozu8vpuhLM\V4l8kb68x92rt86Wp8tRapx4j71edJ+6w9X\pDG9AAABY0lEQVQ4jYWT2VaDMBRFgUgK1BAqLaA4pFSp\v8Pes69DJW1utwkudNueCnRsa+ju9T9Meqj8HCXgHEdhjYlbYuoqYa2DUPA9UNop75E1dSFgfcM6RY\Rh0ephSunj1u73V\5yOgOkVQvAbShlT8D6oUDAvuArweVLYo5D6rPDZgvf9ImQ+pVAU1hZyWDk5vKS8q7ANhMzid7qt3PEBGpSWC4LdQmEpVKiqylaM1nbd+QDOXddJH0L1h8OK1BDieB4iidf5hbXcwH4sFcLTwgW9OJYbblmFL6lFMMwMg6w3MPUMhSQxsmQnxiQUzFQYCDgN+6IxvgJV8fAG51ySYGHzSURgzQkE5 0 bytes File C:\Users\Bartek\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAflBMVEVNZplMZ6BGYpxHY52KncVkfrJXcqlac6ZZdKpedqhcdq1AXJc9WZFCXpllfKtfeK5RbKXo7fjg5vVug6z\2+PxieqxpgbZAWYvO2fDL1u\S2eXU3fHd5PTD0Ozu8vpuhLM\V4l8kb68x92rt86Wp8tRapx4j71edJ+6w9X\pDG9AAABY0lEQVQ4jYWT2VaDMBRFgUgK1BAqLaA4pFSp\v8Pes69DJW1utwkudNueCnRsa+ju9T9Meqj8HCXgHEdhjYlbYuoqYa2DUPA9UNop75E1dSFgfcM6RY\Rh0ephSunj1u73V\5yOgOkVQvAbShlT8D6oUDAvuArweVLYo5D6rPDZgvf9ImQ+pVAU1hZyWDk5vKS8q7ANhMzid7qt3PEBGpSWC4LdQmEpVKiqylaM1nbd+QDOXddJH0L1h8OK1BDieB4iidf5hbXcwH4sFcLTwgW9OJYbblmFL6lFMMwMg6w3MPUMhSQxsmQnxiQUzFQYCDgN+6IxvgJV8fAG51ySYGHzSURgzQkE5\Z8FGSOAgIKHBSmqdPE7Z 0 bytes File C:\Users\Bartek\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAflBMVEVNZplMZ6BGYpxHY52KncVkfrJXcqlac6ZZdKpedqhcdq1AXJc9WZFCXpllfKtfeK5RbKXo7fjg5vVug6z\2+PxieqxpgbZAWYvO2fDL1u\S2eXU3fHd5PTD0Ozu8vpuhLM\V4l8kb68x92rt86Wp8tRapx4j71edJ+6w9X\pDG9AAABY0lEQVQ4jYWT2VaDMBRFgUgK1BAqLaA4pFSp\v8Pes69DJW1utwkudNueCnRsa+ju9T9Meqj8HCXgHEdhjYlbYuoqYa2DUPA9UNop75E1dSFgfcM6RY\Rh0ephSunj1u73V\5yOgOkVQvAbShlT8D6oUDAvuArweVLYo5D6rPDZgvf9ImQ+pVAU1hZyWDk5vKS8q7ANhMzid7qt3PEBGpSWC4LdQmEpVKiqylaM1nbd+QDOXddJH0L1h8OK1BDieB4iidf5hbXcwH4sFcLTwgW9OJYbblmFL6lFMMwMg6w3MPUMhSQxsmQnxiQUzFQYCDgN+6IxvgJV8fAG51ySYGHzSURgzQkE5\Z8FGSOAgIKHBSmqdPE7Z\B3mmDNzxueQFLAaFs8rxpeGjIKcx5SSGnkK 0 bytes File C:\Users\Bartek\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAflBMVEVNZplMZ6BGYpxHY52KncVkfrJXcqlac6ZZdKpedqhcdq1AXJc9WZFCXpllfKtfeK5RbKXo7fjg5vVug6z\2+PxieqxpgbZAWYvO2fDL1u\S2eXU3fHd5PTD0Ozu8vpuhLM\V4l8kb68x92rt86Wp8tRapx4j71edJ+6w9X\pDG9AAABY0lEQVQ4jYWT2VaDMBRFgUgK1BAqLaA4pFSp\v8Pes69DJW1utwkudNueCnRsa+ju9T9Meqj8HCXgHEdhjYlbYuoqYa2DUPA9UNop75E1dSFgfcM6RY\Rh0ephSunj1u73V\5yOgOkVQvAbShlT8D6oUDAvuArweVLYo5D6rPDZgvf9ImQ+pVAU1hZyWDk5vKS8q7ANhMzid7qt3PEBGpSWC4LdQmEpVKiqylaM1nbd+QDOXddJH0L1h8OK1BDieB4iidf5hbXcwH4sFcLTwgW9OJYbblmFL6lFMMwMg6w3MPUMhSQxsmQnxiQUzFQYCDgN+6IxvgJV8fAG51ySYGHzSURgzQkE5\Z8FGSOAgIKHBSmqdPE7Z\B3mmDNzxueQFLAaFs8rxpeGjIKcx5SSGnkK\CO9gKf6Aw5yLsSC5HjqiC9kRoEIXd7kbVmOMvV4 0 bytes File C:\Users\Bartek\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAflBMVEVNZplMZ6BGYpxHY52KncVkfrJXcqlac6ZZdKpedqhcdq1AXJc9WZFCXpllfKtfeK5RbKXo7fjg5vVug6z\2+PxieqxpgbZAWYvO2fDL1u\S2eXU3fHd5PTD0Ozu8vpuhLM\V4l8kb68x92rt86Wp8tRapx4j71edJ+6w9X\pDG9AAABY0lEQVQ4jYWT2VaDMBRFgUgK1BAqLaA4pFSp\v8Pes69DJW1utwkudNueCnRsa+ju9T9Meqj8HCXgHEdhjYlbYuoqYa2DUPA9UNop75E1dSFgfcM6RY\Rh0ephSunj1u73V\5yOgOkVQvAbShlT8D6oUDAvuArweVLYo5D6rPDZgvf9ImQ+pVAU1hZyWDk5vKS8q7ANhMzid7qt3PEBGpSWC4LdQmEpVKiqylaM1nbd+QDOXddJH0L1h8OK1BDieB4iidf5hbXcwH4sFcLTwgW9OJYbblmFL6lFMMwMg6w3MPUMhSQxsmQnxiQUzFQYCDgN+6IxvgJV8fAG51ySYGHzSURgzQkE5\Z8FGSOAgIKHBSmqdPE7Z\B3mmDNzxueQFLAaFs8rxpeGjIKcx5SSGnkK\CO9gKf6Aw5yLsSC5HjqiC9kRoEIXd7kbVmOMvV4\lPNqCN4w1vs6xvMuI8X+f 0 bytes File C:\Users\Bartek\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAflBMVEVNZplMZ6BGYpxHY52KncVkfrJXcqlac6ZZdKpedqhcdq1AXJc9WZFCXpllfKtfeK5RbKXo7fjg5vVug6z\2+PxieqxpgbZAWYvO2fDL1u\S2eXU3fHd5PTD0Ozu8vpuhLM\V4l8kb68x92rt86Wp8tRapx4j71edJ+6w9X\pDG9AAABY0lEQVQ4jYWT2VaDMBRFgUgK1BAqLaA4pFSp\v8Pes69DJW1utwkudNueCnRsa+ju9T9Meqj8HCXgHEdhjYlbYuoqYa2DUPA9UNop75E1dSFgfcM6RY\Rh0ephSunj1u73V\5yOgOkVQvAbShlT8D6oUDAvuArweVLYo5D6rPDZgvf9ImQ+pVAU1hZyWDk5vKS8q7ANhMzid7qt3PEBGpSWC4LdQmEpVKiqylaM1nbd+QDOXddJH0L1h8OK1BDieB4iidf5hbXcwH4sFcLTwgW9OJYbblmFL6lFMMwMg6w3MPUMhSQxsmQnxiQUzFQYCDgN+6IxvgJV8fAG51ySYGHzSURgzQkE5\Z8FGSOAgIKHBSmqdPE7Z\B3mmDNzxueQFLAaFs8rxpeGjIKcx5SSGnkK\CO9gKf6Aw5yLsSC5HjqiC9kRoEIXd7kbVmOMvV4\lPNqCN4w1vs6xvMuI8X+f\y9BXixF8yLnMgAAAABJRU5ErkJggg== 550 bytes ---- EOF - GMER 2.1 ----