dywan69
Posted 19 July 2015

I have analysed the problem more than once and scanned with various programs; of course, nothing was detected. I used ComboFix, and even that did not help... (plus I accidentally deleted the logs from that program). It is probably a cryptocurrency miner, because not only does it load my whole GPU so heavily that literally everything stutters, but when I disconnect from the internet the problem disappears, and when I reconnect it comes back practically at once.

I have Windows 7 64-bit.

I wanted to send the GMER log as an attachment, but "I do not have permission to upload this type of file", so I am posting it in a spoiler:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-19 12:04:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD10EZEX-00RKKA0 rev.80.00A80 931,51GB
Running: n4gpmqpv.exe; Driver: C:\Users\pc\AppData\Local\Temp\uglcraoc.sys
---- Processes - GMER 2.1 ----
Process C:\Users\pc\AppData\Roaming\openvr\Reversed\steam.exe (*** suspicious ***) @ C:\Users\pc\AppData\Roaming\openvr\Reversed\steam.exe [6424](2015-05-14 13:39:55) 0000000000400000
Library C:\Users\pc\AppData\Roaming\openvr\Reversed\libcurl.dll (*** suspicious ***) @ C:\Users\pc\AppData\Roaming\openvr\Reversed\steam.exe [6424] (libcurl Shared Library/The cURL library, http://curl.haxx.se/)(2015-05-14 13:39:55) 000000006b240000
Library C:\Users\pc\AppData\Roaming\openvr\Reversed\libidn-11.dll (*** suspicious ***) @ C:\Users\pc\AppData\Roaming\openvr\Reversed\steam.exe [6424](2015-05-14 13:39:55) 0000000069540000
Library C:\Users\pc\AppData\Roaming\openvr\Reversed\LIBEAY32.dll (*** suspicious ***) @ C:\Users\pc\AppData\Roaming\openvr\Reversed\steam.exe [6424] (OpenSSL shared library/The OpenSSL Project, http://www.openssl.org/)(2015-05-14 13:39:55) 0000000063000000
Library C:\Users\pc\AppData\Roaming\openvr\Reversed\SSLEAY32.dll (*** suspicious ***) @ C:\Users\pc\AppData\Roaming\openvr\Reversed\steam.exe [6424] (OpenSSL shared library/The OpenSSL Project, http://www.openssl.org/)(2015-05-14 13:39:55) 000000006e400000
Library C:\Users\pc\AppData\Roaming\openvr\Reversed\zlib1.dll (*** suspicious ***) @ C:\Users\pc\AppData\Roaming\openvr\Reversed\steam.exe [6424](2015-05-14 13:39:55) 0000000062e80000
Library C:\Users\pc\AppData\Roaming\openvr\Reversed\libpdcurses.dll (*** suspicious ***) @ C:\Users\pc\AppData\Roaming\openvr\Reversed\steam.exe [6424](2015-05-14 13:39:55) 0000000062200000
Library C:\Users\pc\AppData\Roaming\openvr\Reversed\pthreadGC2.dll (*** suspicious ***) @ C:\Users\pc\AppData\Roaming\openvr\Reversed\steam.exe [6424] (GNU C 32 bit/Open Source Software community LGPL)(2015-05-14 13:39:55) 0000000062480000
---- EOF - GMER 2.1 ----

Please help quickly.

// This is not the right section, sorry - please move it if possible.

Addition.txt FRST.txt Shortcut.txt