GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-07 01:53:29
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD502IJ rev.1AA01113
Running: gmer.exe; Driver: C:\Users\Dawid\AppData\Local\Temp\awrdikob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA049A7A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA049A848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA049A8E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA049A980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83289569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832AE092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 832B5AF8 4 Bytes [A0, A7, 49, A0]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 832B5DC8 8 Bytes [48, A8, 49, A0, E4, A8, 49, ...] {DEC EAX; TEST AL, 0x49; MOV AL, [0xa049a8e4]}
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 832B5E3C 4 Bytes [80, A9, 49, A0]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A0AA0000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A0AA0123 629 Bytes [B5, A9, A0, FE, 05, 34, B5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A0AA0399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A0AA03FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A0AA04AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] ntdll.dll!NtQueryInformationProcess 772D52F0 5 Bytes JMP 001A1CA0
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] ntdll.dll!LdrLoadDll 772EF5B5 5 Bytes JMP 01171410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WS2_32.dll!closesocket 76223BED 5 Bytes JMP 0018CD56
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WS2_32.dll!recv 762247DF 5 Bytes JMP 0018C970
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WS2_32.dll!GetAddrInfoW 762260F5 5 Bytes JMP 0018BE67
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WS2_32.dll!getaddrinfo 76226737 5 Bytes JMP 0018BD87
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WS2_32.dll!WSASend 762268A7 5 Bytes JMP 0018CA1E
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WS2_32.dll!WSARecv 7622C29F 5 Bytes JMP 0018CAF2
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WS2_32.dll!send 7622C4C8 5 Bytes JMP 0018C8CB
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WS2_32.dll!WSAAsyncGetHostByName 76236D2A 5 Bytes JMP 0018C15D
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WS2_32.dll!gethostbyname 76237133 5 Bytes JMP 0018BCC6
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] USER32.dll!DrawTextExW 762D7BDD 5 Bytes JMP 0018D349
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] USER32.dll!DrawTextW 762D8220 5 Bytes JMP 0018D187
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] USER32.dll!SetClipboardData 762E4979 5 Bytes JMP 0018CDFD
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] USER32.dll!DrawTextA 762EA482 5 Bytes JMP 0018D0AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] USER32.dll!DrawTextExA 762EA4B9 5 Bytes JMP 0018D262
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] USER32.dll!DialogBoxParamW 762F564A 5 Bytes JMP 0018C23C
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] GDI32.dll!ExtTextOutW 769B8053 5 Bytes JMP 0018D514
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] GDI32.dll!GetGlyphIndicesW 769BB521 5 Bytes JMP 0018D9A1
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] GDI32.dll!ExtTextOutA 769C0158 5 Bytes JMP 0018D430
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] GDI32.dll!TextOutA 769C0878 5 Bytes JMP 0018CF14
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] GDI32.dll!TextOutW 769D14B9 5 Bytes JMP 0018CFE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] GDI32.dll!GetGlyphIndicesA 769DBC42 5 Bytes JMP 0018D8D4
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WININET.dll!InternetCrackUrlA 76760E65 5 Bytes JMP 0018DC67
.text C:\Program Files\Mozilla Firefox\firefox.exe[5132] WININET.dll!InternetCrackUrlW 7678C447 5 Bytes JMP 0018DDB0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5672] USER32.dll!GetWindowInfo 762D6A82 5 Bytes JMP 64275451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5672] USER32.dll!TrackPopupMenu 762F4B3B 5 Bytes JMP 64275A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1832] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1832] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1832] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00412D3E] C:\Users\Dawid\AppData\Local\Temp\Jhx.exe (nXMicro setup 0R/Sun Microsystems, Inc.)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00412DB6] C:\Users\Dawid\AppData\Local\Temp\Jhx.exe (nXMicro setup 0R/Sun Microsystems, Inc.)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW] [00412DB6] C:\Users\Dawid\AppData\Local\Temp\Jhx.exe (nXMicro setup 0R/Sun Microsystems, Inc.)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\ole32.dll [USER32.dll!ShowWindow] [00412E2E] C:\Users\Dawid\AppData\Local\Temp\Jhx.exe (nXMicro setup 0R/Sun Microsystems, Inc.)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [00412DB6] C:\Users\Dawid\AppData\Local\Temp\Jhx.exe (nXMicro setup 0R/Sun Microsystems, Inc.)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowPos] [00412EDC] C:\Users\Dawid\AppData\Local\Temp\Jhx.exe (nXMicro setup 0R/Sun Microsystems, Inc.)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ShowWindow] [00412E2E] C:\Users\Dawid\AppData\Local\Temp\Jhx.exe (nXMicro setup 0R/Sun Microsystems, Inc.)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\WININET.dll [USER32.dll!CreateWindowExW] [00412DB6] C:\Users\Dawid\AppData\Local\Temp\Jhx.exe (nXMicro setup 0R/Sun Microsystems, Inc.)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowPos] [00412EDC] C:\Users\Dawid\AppData\Local\Temp\Jhx.exe (nXMicro setup 0R/Sun Microsystems, Inc.)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Users\Dawid\AppData\Local\Temp\Jhx.exe[4552] @ C:\Windows\system32\regapi.dll [KERNEL32.dll!GetProcAddress] [74B45E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\Users\Dawid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P2QMP3M\warning[2] 0 bytes
File C:\Users\Dawid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3Y0RMI3\error[1] 0 bytes

---- EOF - GMER 1.0.15 ----