Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:15:18, on 19.1.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files\lenovo\lenovo solution center\lsc.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{614F1BC4-5026-4228-BAA2-028217FD085E}: NameServer = 77.48.254.254,77.48.100.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: DraftSight API Service - Dassault Systemes - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14774 bytes
Trojan:JS/FrameRef Vyřešeno
Re: Trojan:JS/FrameRef
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-19 14:20:17
-----------------------------
14:20:17.379 OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:17.379 Number of processors: 4 586 0x2A07
14:20:17.379 ComputerName: ADMIN UserName:
14:20:18.510 Initialize success
14:20:31.690 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:20:31.690 Disk 0 Vendor: HITACHI_ JF3Z Size: 476940MB BusType: 3
14:20:31.690 Disk 0 MBR read successfully
14:20:31.711 Disk 0 MBR scan
14:20:31.715 Disk 0 unknown MBR code
14:20:31.724 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
14:20:31.737 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459438 MB offset 3074048
14:20:31.766 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16000 MB offset 944003072
14:20:31.796 Disk 0 scanning C:\Windows\system32\drivers
14:20:37.723 Service scanning
14:20:55.079 Modules scanning
14:20:55.095 Disk 0 trace - called modules:
14:20:55.142 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:20:55.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066a2060]
14:20:55.162 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8003cf4800]
14:20:55.172 5 ACPI.sys[fffff88000f8a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800543d050]
14:20:55.179 Scan finished successfully
14:21:09.643 Disk 0 MBR has been saved successfully to "C:\Users\Uzivatel\Desktop\MBR.dat"
14:21:09.647 The log file has been saved successfully to "C:\Users\Uzivatel\Desktop\aswMBR.txt"
Run date: 2013-01-19 14:20:17
-----------------------------
14:20:17.379 OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:17.379 Number of processors: 4 586 0x2A07
14:20:17.379 ComputerName: ADMIN UserName:
14:20:18.510 Initialize success
14:20:31.690 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:20:31.690 Disk 0 Vendor: HITACHI_ JF3Z Size: 476940MB BusType: 3
14:20:31.690 Disk 0 MBR read successfully
14:20:31.711 Disk 0 MBR scan
14:20:31.715 Disk 0 unknown MBR code
14:20:31.724 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
14:20:31.737 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459438 MB offset 3074048
14:20:31.766 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16000 MB offset 944003072
14:20:31.796 Disk 0 scanning C:\Windows\system32\drivers
14:20:37.723 Service scanning
14:20:55.079 Modules scanning
14:20:55.095 Disk 0 trace - called modules:
14:20:55.142 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:20:55.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066a2060]
14:20:55.162 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8003cf4800]
14:20:55.172 5 ACPI.sys[fffff88000f8a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800543d050]
14:20:55.179 Scan finished successfully
14:21:09.643 Disk 0 MBR has been saved successfully to "C:\Users\Uzivatel\Desktop\MBR.dat"
14:21:09.647 The log file has been saved successfully to "C:\Users\Uzivatel\Desktop\aswMBR.txt"
Re: Trojan:JS/FrameRef
Složku C:\antitwined neznám. Je prázdná.
oprava: Omlouvám se už jsem to našla. Je to složka programu na vyhledávání duplicitních slouborů Anti-Twin
oprava: Omlouvám se už jsem to našla. Je to složka programu na vyhledávání duplicitních slouborů Anti-Twin
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trojan:JS/FrameRef
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Stáhni si RogueKiller
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Až se objeví úvodní okno programu , klikni na „Prohledat“.
- Program skenuje PC. Po proskenování klikni na „Zpráva“, celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Stáhni si RogueKiller
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Až se objeví úvodní okno programu , klikni na „Prohledat“.
- Program skenuje PC. Po proskenování klikni na „Zpráva“, celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Trojan:JS/FrameRef
RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Uzivatel [Práva správce]
Mód : Kontrola -- Datum : 01/25/2013 09:08:30
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 12 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: HITACHI HTS727550A9E364 +++++
--- User ---
[MBR] f3f844853c1d806441e75068c7ada2b5
[BSP] 2888ae959d889d576a1aaa0a126ff27a : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 459438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 7c0a1b8cb6d4e190657e49e4439ac90d
[BSP] 926a8ce0bf056de8a29a1ebbb9b89b54 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 459438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
Dokončeno : << RKreport[1]_S_01252013_02d0908.txt >>
RKreport[1]_S_01252013_02d0908.txt
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Uzivatel [Práva správce]
Mód : Kontrola -- Datum : 01/25/2013 09:08:30
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 12 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: HITACHI HTS727550A9E364 +++++
--- User ---
[MBR] f3f844853c1d806441e75068c7ada2b5
[BSP] 2888ae959d889d576a1aaa0a126ff27a : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 459438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 7c0a1b8cb6d4e190657e49e4439ac90d
[BSP] 926a8ce0bf056de8a29a1ebbb9b89b54 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 459438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
Dokončeno : << RKreport[1]_S_01252013_02d0908.txt >>
RKreport[1]_S_01252013_02d0908.txt
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trojan:JS/FrameRef
Spusť znovu RogueKiller
Pokud používáš Win Vista či W7, klikni na RogueKiller pravým a dej spustit jako správce.
Zvol možnost Prohledat a poté Smazat a následně Zpráva - otevře se log, ten sem prosím vlož celý.
Oprava MBR , zaškrtnout
Kontrola Faked , zaškrtnout
Antirootkit , zaškrtnout
pak se otevře zpráva , vlož ji sem.
Pokud používáš Win Vista či W7, klikni na RogueKiller pravým a dej spustit jako správce.
Zvol možnost Prohledat a poté Smazat a následně Zpráva - otevře se log, ten sem prosím vlož celý.
Oprava MBR , zaškrtnout
Kontrola Faked , zaškrtnout
Antirootkit , zaškrtnout
pak se otevře zpráva , vlož ji sem.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Trojan:JS/FrameRef
RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Uzivatel [Práva správce]
Mód : Odebrat -- Datum : 01/25/2013 12:41:20
¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] pwdcrack.exe -- C:\Users\Uzivatel\AppData\Local\Temp\Rar$EXa0.296\pwdcrack.exe -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> VYMAZÁNO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Uzivatel [Práva správce]
Mód : Odebrat -- Datum : 01/25/2013 12:41:20
¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] pwdcrack.exe -- C:\Users\Uzivatel\AppData\Local\Temp\Rar$EXa0.296\pwdcrack.exe -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> VYMAZÁNO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trojan:JS/FrameRef
Udělej ještě ten první log z RK znovu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Trojan:JS/FrameRef
RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Uzivatel [Práva správce]
Mód : Kontrola -- Datum : 01/25/2013 22:48:35
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: HITACHI HTS727550A9E364 +++++
--- User ---
[MBR] f3f844853c1d806441e75068c7ada2b5
[BSP] 2888ae959d889d576a1aaa0a126ff27a : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 459438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 7c0a1b8cb6d4e190657e49e4439ac90d
[BSP] 926a8ce0bf056de8a29a1ebbb9b89b54 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 459438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
Dokončeno : << RKreport[4]_S_01252013_02d2248.txt >>
RKreport[1]_S_01252013_02d0908.txt ; RKreport[2]_S_01252013_02d1239.txt ; RKreport[3]_D_01252013_02d1241.txt ; RKreport[4]_S_01252013_02d2248.txt
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Uzivatel [Práva správce]
Mód : Kontrola -- Datum : 01/25/2013 22:48:35
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: HITACHI HTS727550A9E364 +++++
--- User ---
[MBR] f3f844853c1d806441e75068c7ada2b5
[BSP] 2888ae959d889d576a1aaa0a126ff27a : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 459438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 7c0a1b8cb6d4e190657e49e4439ac90d
[BSP] 926a8ce0bf056de8a29a1ebbb9b89b54 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 459438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
Dokončeno : << RKreport[4]_S_01252013_02d2248.txt >>
RKreport[1]_S_01252013_02d0908.txt ; RKreport[2]_S_01252013_02d1239.txt ; RKreport[3]_D_01252013_02d1241.txt ; RKreport[4]_S_01252013_02d2248.txt
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trojan:JS/FrameRef
Udělej znovu TDSSKiller.
+
Stáhni si GMER
Po stažení aplikaci rozbal a spusť, probehne rychlý sken a otevře se hlavní okno programu:
pokud klikneš na tlačítko Save vpravo dole, muzeš vyexportovat první log, ktery vloziš sem.
Abychom se dostali k "hlavnímu" skenu a získaní logu z něj, ponechame v pravem sloupci zafajfkovane vsechny polozky a klikneme na tlacitko Scan
Vyčkej konce skenu (což trvá tak kolem pěti- deseti minut), pote opět klikni na tlačitko Save a vyexportuj log čislo 2,i tento log vlož sem.
+
Stáhni si GMER
Po stažení aplikaci rozbal a spusť, probehne rychlý sken a otevře se hlavní okno programu:
pokud klikneš na tlačítko Save vpravo dole, muzeš vyexportovat první log, ktery vloziš sem.
Abychom se dostali k "hlavnímu" skenu a získaní logu z něj, ponechame v pravem sloupci zafajfkovane vsechny polozky a klikneme na tlacitko Scan
Vyčkej konce skenu (což trvá tak kolem pěti- deseti minut), pote opět klikni na tlačitko Save a vyexportuj log čislo 2,i tento log vlož sem.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Trojan:JS/FrameRef
Dobrá ráno. TDSSKiller nic nenašel. Tady je první log GMER.
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-26 09:17:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF3Z 465,76GB
Running: gmer.exe; Driver: C:\Users\Uzivatel\AppData\Local\Temp\pxtdrpob.sys
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2552] 0000000071f00000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [3496] 00000000751b0000
---- EOF - GMER 2.0 ----
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-26 09:17:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF3Z 465,76GB
Running: gmer.exe; Driver: C:\Users\Uzivatel\AppData\Local\Temp\pxtdrpob.sys
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2552] 0000000071f00000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [3496] 00000000751b0000
---- EOF - GMER 2.0 ----
Re: Trojan:JS/FrameRef
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-26 09:27:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF3Z 465,76GB
Running: gmer.exe; Driver: C:\Users\Uzivatel\AppData\Local\Temp\pxtdrpob.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
---- User IAT/EAT - GMER 2.0 ----
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef8392750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef8392b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef8397de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef8398130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef8391908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef8391c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef83981d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef8392878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef8397a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef8396c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef83977bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef8397064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef8396544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef8395e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2552] 0000000071f00000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [3496] 00000000751b0000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3b401b2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3b401b2@1c62b8b17d3a 0xDD 0xA4 0x35 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3b401b2@782eef925c8e 0x50 0xF0 0x8B 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3b401b2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3b401b2@1c62b8b17d3a 0xDD 0xA4 0x35 0xDB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3b401b2@782eef925c8e 0x50 0xF0 0x8B 0x57 ...
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
Rootkit scan 2013-01-26 09:27:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF3Z 465,76GB
Running: gmer.exe; Driver: C:\Users\Uzivatel\AppData\Local\Temp\pxtdrpob.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2956] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes [0A, 76]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes [0A, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes [0A, 76]
---- User IAT/EAT - GMER 2.0 ----
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef8392750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef8392b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef8397de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef8398130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef8391908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef8391c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef83981d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef8392878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef8397a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef8396c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef83977bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef8397064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef8396544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef8395e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2552] 0000000071f00000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [3496] 00000000751b0000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3b401b2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3b401b2@1c62b8b17d3a 0xDD 0xA4 0x35 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3b401b2@782eef925c8e 0x50 0xF0 0x8B 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3b401b2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3b401b2@1c62b8b17d3a 0xDD 0xA4 0x35 0xDB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3b401b2@782eef925c8e 0x50 0xF0 0x8B 0x57 ...
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 1 host