GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-20 06:26:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC4O 465,76GB
Running: gmer.exe; Driver: C:\Users\Julka\AppData\Local\Temp\ugtiypoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075e88781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000770e1401 2 bytes JMP 75eab21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000770e1419 2 bytes JMP 75eab346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000770e1431 2 bytes JMP 75f28fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000770e144a 2 bytes CALL 75e8489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770e14dd 2 bytes JMP 75f288c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770e14f5 2 bytes JMP 75f28aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000770e150d 2 bytes JMP 75f287ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000770e1525 2 bytes JMP 75f28b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000770e153d 2 bytes JMP 75e9fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000770e1555 2 bytes JMP 75ea68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000770e156d 2 bytes JMP 75f29089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000770e1585 2 bytes JMP 75f28bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000770e159d 2 bytes JMP 75f2877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770e15b5 2 bytes JMP 75e9fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770e15cd 2 bytes JMP 75eab2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770e16b2 2 bytes JMP 75f28f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[7572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770e16bd 2 bytes JMP 75f28713 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\cmd.exe[10224] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd7d1d90 12 bytes {MOV RAX, 0x31f634; JMP RAX}
.text C:\Windows\system32\cmd.exe[10224] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd7e5444 12 bytes {MOV RAX, 0x31f594; JMP RAX}

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\Explorer.EXE[USER32.dll!MoveWindow] [7fefa041a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\Explorer.EXE[USER32.dll!DeferWindowPos] [7fefa041da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\Explorer.EXE[USER32.dll!EndPaint] [7fefa041f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\Explorer.EXE[USER32.dll!SetWindowPos] [7fefa041bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\SHELL32.dll[USER32.dll!MoveWindow] [7fefa041a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SetWindowPos] [7fefa041bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\SHELL32.dll[USER32.dll!DeferWindowPos] [7fefa041da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\SHELL32.dll[USER32.dll!EndPaint] [7fefa041f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\ole32.dll[USER32.dll!MoveWindow] [7fefa041a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!EndPaint] [7fefa041f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!MoveWindow] [7fefa041a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!SetWindowPos] [7fefa041bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\DUser.dll[USER32.dll!EndPaint] [7fefa041f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\DUI70.dll[USER32.dll!SetWindowPos] [7fefa041bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\IMM32.dll[USER32.dll!EndPaint] [7fefa041f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\IMM32.dll[USER32.dll!SetWindowPos] [7fefa041bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\MSCTF.dll[USER32.dll!MoveWindow] [7fefa041a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\MSCTF.dll[USER32.dll!EndPaint] [7fefa041f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\MSCTF.dll[USER32.dll!SetWindowPos] [7fefa041bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\UxTheme.dll[USER32.dll!SetWindowPos] [7fefa041bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MoveWindow] [7fefa041a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!SetWindowPos] [7fefa041bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.dll[USER32.dll!DeferWindowPos] [7fefa041da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.dll[USER32.dll!SetWindowPos] [7fefa041bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.dll[USER32.dll!MoveWindow] [7fefa041a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT C:\Windows\Explorer.EXE[1556] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.dll[USER32.dll!EndPaint] [7fefa041f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [1108:1152] 000007fefb8cf2c0
Thread C:\Windows\System32\svchost.exe [1108:1248] 000007fefbd76204
Thread C:\Windows\System32\svchost.exe [1108:1772] 000007fefab0331c
Thread C:\Windows\System32\svchost.exe [1108:1784] 000007fefaaea2b0
Thread C:\Windows\System32\svchost.exe [1108:2088] 000007fef87259a0
Thread C:\Windows\System32\svchost.exe [1108:2636] 000007fefd3d1a70
Thread C:\Windows\System32\svchost.exe [1108:5492] 000007fef42444d0
Thread C:\Windows\System32\svchost.exe [1108:6484] 000007fef45089b8
Thread C:\Windows\system32\svchost.exe [1140:5416] 000007fef6045c24
Thread C:\Windows\system32\svchost.exe [1140:5524] 000007fef604eff0
Thread C:\Windows\system32\svchost.exe [1140:5532] 000007fef5be4f84
Thread C:\Windows\system32\svchost.exe [1172:2116] 000007fef82f1dd0
Thread C:\Windows\system32\svchost.exe [1172:2132] 000007fef8251a50
Thread C:\Windows\system32\svchost.exe [1172:1480] 000007fefd3d1a70
Thread C:\Windows\system32\svchost.exe [1172:4708] 000007fefd3d1a70
Thread C:\Windows\system32\svchost.exe [1172:844] 000007fef40b17f8
Thread C:\Windows\system32\svchost.exe [1172:2788] 000007fef40b17f8
Thread C:\Windows\system32\svchost.exe [1172:2896] 000007fef314506c
Thread C:\Windows\system32\svchost.exe [1172:4468] 000007fef5c01c20
Thread C:\Windows\system32\svchost.exe [1172:264] 000007fef5c01c20
Thread C:\Windows\system32\svchost.exe [1172:5680] 000007feee1d84d8
Thread C:\Windows\system32\svchost.exe [1172:5796] 000007feee1923a8
Thread C:\Windows\system32\svchost.exe [1172:3164] 000007feee270d00
Thread C:\Windows\system32\svchost.exe [1172:4912] 000007feee069498
Thread C:\Windows\system32\svchost.exe [1172:2704] 000007fef4755124
Thread C:\Windows\system32\svchost.exe [1172:5192] 000007feeeac1ab0
Thread C:\Windows\system32\svchost.exe [1172:8244] 000007fef43db68c
Thread C:\Windows\Explorer.EXE [1556:2592] 000000000319c5f0
Thread C:\Windows\Explorer.EXE [1556:2752] 000000000319c5f0
Thread C:\Windows\Explorer.EXE [1556:2756] 000000000319c5f0
Thread C:\Windows\Explorer.EXE [1556:2760] 000000000319c5f0
Thread C:\Windows\Explorer.EXE [1556:2764] 000000000319c5f0
Thread C:\Windows\Explorer.EXE [1556:2768] 000000000319c5f0
Thread C:\Windows\Explorer.EXE [1556:2864] 000000000319c5f0
Thread C:\Windows\Explorer.EXE [1556:4136] 000000000319c5f0
Thread C:\Windows\System32\spoolsv.exe [2188:5112] 000007fef67d10c8
Thread C:\Windows\System32\spoolsv.exe [2188:792] 000007fef6796144
Thread C:\Windows\System32\spoolsv.exe [2188:4156] 000007fef4b35fd0
Thread C:\Windows\System32\spoolsv.exe [2188:2968] 000007fef6773438
Thread C:\Windows\System32\spoolsv.exe [2188:3632] 000007fef4b363ec
Thread C:\Windows\System32\spoolsv.exe [2188:1488] 000007fefa715e5c
Thread C:\Windows\System32\spoolsv.exe [2188:2148] 000007fef68d5074
Thread C:\Windows\System32\spoolsv.exe [2188:4896] 000007fef6942288
Thread C:\Windows\system32\svchost.exe [2224:2240] 000007fefe57a808
Thread C:\Windows\system32\svchost.exe [2224:2248] 000007fef7ce0184
Thread C:\Windows\system32\svchost.exe [2224:2252] 000007fef7ce0184
Thread C:\Windows\system32\svchost.exe [2224:2256] 000007fef7ce0184
Thread C:\Windows\system32\svchost.exe [2224:2588] 000007fef7ce0184
Thread C:\Windows\system32\svchost.exe [2260:2284] 000007fefd3d1a70
Thread C:\Windows\system32\svchost.exe [2260:2288] 000007fefd3d1a70
Thread C:\Windows\system32\svchost.exe [2260:2300] 000007fefd3d1a70
Thread C:\Windows\system32\svchost.exe [2260:2308] 000007fef7ab2c70
Thread C:\Windows\system32\svchost.exe [2260:2316] 000007fef7abfb40
Thread C:\Windows\system32\svchost.exe [2260:2328] 000007fef7ad1d20
Thread C:\Windows\system32\svchost.exe [2260:2332] 000007fef7abf6f0
Thread C:\Windows\system32\svchost.exe [2260:2888] 000007fef84535c0
Thread C:\Windows\system32\svchost.exe [2260:3948] 000007fef8455600
Thread C:\Windows\system32\svchost.exe [2260:5412] 000007fef5e82888
Thread C:\Windows\system32\svchost.exe [2260:5452] 000007fef5e72940
Thread C:\Windows\System32\rundll32.exe [2948:2428] 00000001800e6040
Thread C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE [640:5560] 00000000720c781f
Thread C:\Windows\system32\svchost.exe [3336:5684] 000007feee1f8470
Thread C:\Windows\system32\svchost.exe [3336:5688] 000007feee202418
Thread C:\Windows\system32\svchost.exe [3336:4044] 000007feee16f130
Thread C:\Windows\system32\svchost.exe [3336:5124] 000007feee164734
Thread C:\Windows\system32\svchost.exe [3336:2540] 000007feee164734
Thread C:\Windows\system32\svchost.exe [4516:4532] 000007fefe57a808
Thread C:\Windows\system32\svchost.exe [4516:4580] 000007fef44a7130
Thread C:\Windows\system32\svchost.exe [4516:4584] 000007fef449d5c0
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4692:4904] 0000000062f0785a
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4692:4920] 0000000062c0ff83
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4692:4940] 0000000062c0ff83
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4692:4944] 0000000062c06447
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4692:4956] 0000000062eb247a
Thread C:\Windows\System32\svchost.exe [4384:3296] 000007fee9569688
Thread C:\Windows\system32\svchost.exe [6240:6256] 000007fefe57a808
Thread C:\Windows\system32\taskhost.exe [7052:2424] 0000000000272030
Thread C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [5476:7904] 00000000777d7587
Thread C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [5476:5820] 0000000077d9c557
Thread C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [5476:4836] 0000000077db27c1
Thread C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [5476:7508] 0000000077db27c1
Thread C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [5476:8292] 0000000077db27c1
Thread C:\Windows\servicing\TrustedInstaller.exe [8804:4356] 000007fefe57a808
Thread C:\Windows\system32\conhost.exe [10068:10108] 0000000001a9c5d0
Thread C:\Windows\system32\conhost.exe [10068:4376] 00000000000cf5f8
Thread C:\Windows\system32\conhost.exe [8840:7888] 00000000002a1910
Thread C:\Windows\system32\conhost.exe [8840:3656] 00000000000cfcb8
Thread C:\Windows\explorer.exe [9272:8020] 00000000004ff7b0
Thread C:\Windows\explorer.exe [9272:8896] 00000000000d07b8
Thread C:\Windows\system32\PresentationHost.exe [8872:6464] 00000000004234d0
Thread C:\Windows\system32\PresentationHost.exe [8872:9100] 00000000000ced78
Thread C:\Windows\system32\ctfmon.exe [7432:9120] 0000000001c42470
Thread C:\Windows\system32\ctfmon.exe [7432:9500] 00000000000efe78
Thread C:\Windows\system32\cmd.exe [9096:9128] 0000000000323f10
Thread C:\Windows\system32\cmd.exe [9096:5136] 000000000011fff8
Thread C:\Windows\system32\conhost.exe [9292:8568] 0000000001a82090
Thread C:\Windows\system32\conhost.exe [9292:8752] 00000000000ced78
Thread C:\Windows\system32\conhost.exe [9292:5440] 00000000000d1f2c
Thread C:\Windows\system32\msiexec.exe [9168:3136] 00000000003fe2f0
Thread C:\Windows\system32\msiexec.exe [9168:6220] 00000000001007f8
Thread C:\Windows\system32\msiexec.exe [9168:8832] 00000000001039ac
Thread C:\Windows\system32\ctfmon.exe [5808:4768] 0000000001bddd50
Thread C:\Windows\system32\ctfmon.exe [5808:2840] 000000000008f478
Thread C:\Windows\system32\conhost.exe [2140:5760] 0000000000272450
Thread C:\Windows\system32\conhost.exe [2140:7852] 00000000000cf8b8
Thread C:\Windows\system32\conhost.exe [2140:10144] 00000000000d2a6c
Thread C:\Windows\system32\conhost.exe [5544:3824] 000000000023fff0
Thread C:\Windows\system32\conhost.exe [5544:8312] 00000000000d0938
Thread C:\Windows\system32\conhost.exe [5544:6656] 00000000000d3aec
Thread C:\Windows\system32\dllhost.exe [3960:6408] 000000000041ddf0
Thread C:\Windows\system32\dllhost.exe [3960:9920] 00000000000bf938
Thread C:\Windows\system32\dllhost.exe [3960:8060] 00000000000c2aec
Thread C:\Windows\system32\conhost.exe [8360:10208] 00000000002335d0
Thread C:\Windows\system32\conhost.exe [8360:2200] 00000000000d0778
Thread C:\Windows\system32\taskhost.exe [9236:10056] 00000000003905b0
Thread C:\Windows\system32\taskhost.exe [9236:7252] 00000000000bf2b8
Thread C:\Windows\system32\cmd.exe [10224:5448] 0000000000323330
Thread C:\Windows\system32\cmd.exe [10224:8396] 000000000008f0b8

---- Processes - GMER 2.1 ----

Library c:\system.sav\util\hprpguard.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1556] (HPRPGuard Module/Hewlett-Packard (HP))(2011-03-14 03:57:52) 000000000eb80000
Process C:\ProgramData\DatacardService\DCService.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCService.exe [2744](2010-08-19 08:52:04) 0000000000400000
Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2816] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2010-08-19 08:52:14) 0000000000400000
Process C:\Users\Julka\AppData\Roaming\blueconnect\ouc.exe (*** suspicious ***) @ C:\Users\Julka\AppData\Roaming\blueconnect\ouc.exe [3024] (Online Update Clinet/Huawei Technologies Co., Ltd.)(2011-12-07 19:36:29) 0000000000400000
Process C:\Users\Julka\AppData\Local\Temp\Rar$EX06.698\gmer.exe (*** suspicious ***) @ C:\Users\Julka\AppData\Local\Temp\Rar$EX06.698\gmer.exe [7308](2015-11-19 22:25:29) 0000000000400000

---- EOF - GMER 2.1 ----