GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-22 22:32:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AR1 931,51GB
Running: gmer.exe; Driver: C:\Users\EURORT~1\AppData\Local\Temp\kgtyqfog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 7637b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 7637b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 763f8f29 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 7635489d C:\windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 763f8822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 763f89f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 763f8718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 763f8ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 7636fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 763768ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 763f8fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 763f8b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 763f86dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 7636fd41 
C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 7637b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 763f8ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[348] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 763f8671 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 7637b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 7637b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 763f8f29 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 7635489d C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 763f8822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 763f89f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 763f8718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 763f8ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 7636fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 763768ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 763f8fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 763f8b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 763f86dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 7636fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes 
Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 7637b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 763f8ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2828] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 763f8671 C:\windows\syswow64\kernel32.dll ? C:\windows\system32\mssprxy.dll [2828] entry point in ".rdata" section 00000000740d71e6 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 7637b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 7637b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 763f8f29 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 7635489d C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 763f8822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 763f89f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 763f8718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 763f8ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 7636fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 763768ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 763f8fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 763f8b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 763f86dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 7636fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 7637b2dc 
C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 763f8ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 763f8671 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000744311a8 2 bytes [43, 74] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000007443127d 2 bytes CALL 763514c9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000074431310 2 bytes CALL 763514c9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000744313a8 2 bytes [43, 74] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000074431422 2 bytes [43, 74] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3200] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000074431498 2 bytes [43, 74] .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 7637b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 7637b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 763f8f29 C:\windows\syswow64\kernel32.dll .text 
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 7635489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 763f8822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 763f89f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 763f8718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 763f8ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 7636fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 763768ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 763f8fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 763f8b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 763f86dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 7636fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 7637b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 763f8ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1744] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 763f8671 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 7637b21b C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 7637b346 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 763f8f29 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 7635489d C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 763f8822 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 763f89f8 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 763f8718 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 763f8ae2 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 7636fca8 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076f91555 2 bytes JMP 763768ef C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 763f8fe3 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 763f8b42 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 763f86dc C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 7636fd41 C:\windows\syswow64\kernel32.dll 
.text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 7637b2dc C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 763f8ea4 C:\windows\syswow64\kernel32.dll .text C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 763f8671 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 7637b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 7637b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 763f8f29 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 7635489d C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 763f8822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 763f89f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 763f8718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 763f8ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 7636fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 763768ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 763f8fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 763f8b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 763f86dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 7636fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] 
C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 7637b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 763f8ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4020] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 763f8671 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 7637b21b C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 7637b346 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 763f8f29 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 7635489d C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 763f8822 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 763f89f8 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 763f8718 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 763f8ae2 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 7636fca8 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 763768ef C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 763f8fe3 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 763f8b42 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 763f86dc C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 7636fd41 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 7637b2dc C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
0000000076f916b2 2 bytes JMP 763f8ea4 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2076] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 763f8671 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 7637b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 7637b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 763f8f29 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 7635489d C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 763f8822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 763f89f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 763f8718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 763f8ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 7636fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 763768ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 763f8fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 763f8b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 763f86dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
0000000076f915b5 2 bytes JMP 7636fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 7637b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 763f8ea4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 763f8671 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f91401 2 bytes JMP 7637b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f91419 2 bytes JMP 7637b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f91431 2 bytes JMP 763f8f29 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f9144a 2 bytes CALL 7635489d C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f914dd 2 bytes JMP 763f8822 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f914f5 2 bytes JMP 763f89f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f9150d 2 bytes JMP 763f8718 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f91525 2 bytes JMP 763f8ae2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f9153d 2 bytes JMP 7636fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f91555 2 bytes JMP 763768ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f9156d 2 bytes JMP 763f8fe3 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f91585 2 bytes JMP 763f8b42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f9159d 2 bytes JMP 763f86dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f915b5 2 bytes JMP 7636fd41 
C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f915cd 2 bytes JMP 7637b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f916b2 2 bytes JMP 763f8ea4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3516] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f916bd 2 bytes JMP 763f8671 C:\windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\AUDIODG.EXE [468:5412] 00000000745d5f78
Thread C:\windows\system32\AUDIODG.EXE [468:4112] 00000000745d60f8
Thread C:\windows\system32\AUDIODG.EXE [468:3084] 00000000745e8e54
Thread C:\windows\system32\AUDIODG.EXE [468:4384] 00000000745e8fb8

---- Processes - GMER 2.1 ----

Library c:\users\eurort~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2bjylj.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756](2015-06-22 19:10:05) 0000000003b70000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000006e650000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005db0000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 000000006de10000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006f7a0000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756](2015-03-04 21:45:30) 0000000070290000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006e470000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000065440000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006e250000
Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development
framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069d40000 Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000070c10000 Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756](2015-03-04 21:45:30) 00000000744b0000 Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000070be0000 Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000070250000 Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006f700000 Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756](2015-03-04 21:45:30) 000000006cb60000 Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756](2015-03-04 21:45:30) 0000000070a00000 Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Users\euro rtv 
agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756](2015-03-04 21:45:30) 00000000713b0000 Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756](2015-03-04 21:45:30) 0000000067630000 Library C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Users\euro rtv agd\AppData\Roaming\Dropbox\bin\Dropbox.exe [3756](2015-03-04 21:45:30) 0000000070ce0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00006b0289b0 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4dea2fe30 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00006b0289b0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4dea2fe30 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----