GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-27 21:43:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: fr42djzk.exe; Driver: C:\Users\USER\AppData\Local\Temp\aftcaaob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Windows\system32\services.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Windows\System32\svchost.exe[328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Windows\system32\svchost.exe[428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Windows\Explorer.EXE[1400] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files\IDT\WDM\AESTSr64.exe[1904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1844] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c61401 2 bytes JMP 74e2b1ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c61419 2 bytes JMP 74e2b31a C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c61431 2 bytes JMP 74ea8f09 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c6144a 2 bytes CALL 74e04885 C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c614dd 2 bytes JMP 74ea8802 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c614f5 2 bytes JMP 74ea89d8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c6150d 2 bytes JMP 74ea86f8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c61525 2 bytes JMP 74ea8ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c6153d 2 bytes JMP 74e1fc78 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c61555 2 bytes JMP 74e268bf C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c6156d 2 bytes JMP 74ea8fc1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c61585 2 bytes JMP 74ea8b22 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c6159d 2 bytes JMP 74ea86bc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c615b5 2 bytes JMP 74e1fd11 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c615cd 2 bytes JMP 74e2b2b0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c616b2 2 bytes JMP 74ea8e84 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c616bd 2 bytes JMP 74ea8651 C:\Windows\syswow64\KERNEL32.dll
.text C:\Windows\system32\hasplms.exe[2328] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[2612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c61401 2 bytes JMP 74e2b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c61419 2 bytes JMP 74e2b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c61431 2 bytes JMP 74ea8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c6144a 2 bytes CALL 74e04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c614dd 2 bytes JMP 74ea8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c614f5 2 bytes JMP 74ea89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c6150d 2 bytes JMP 74ea86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c61525 2 bytes JMP 74ea8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c6153d 2 bytes JMP 74e1fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c61555 2 bytes JMP 74e268bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c6156d 2 bytes JMP 74ea8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c61585 2 bytes JMP 74ea8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c6159d 2 bytes JMP 74ea86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c615b5 2 bytes JMP 74e1fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c615cd 2 bytes JMP 74e2b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c616b2 2 bytes JMP 74ea8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c616bd 2 bytes JMP 74ea8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2708] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[3176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Windows\System32\rundll32.exe[3344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[3892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Windows\System32\rundll32.exe[3912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4040] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[4056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files\DellTPad\Apntex.exe[4028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Windows\system32\conhost.exe[4112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c61401 2 bytes JMP 74e2b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c61419 2 bytes JMP 74e2b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c61431 2 bytes JMP 74ea8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c6144a 2 bytes CALL 74e04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c614dd 2 bytes JMP 74ea8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c614f5 2 bytes JMP 74ea89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c6150d 2 bytes JMP 74ea86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c61525 2 bytes JMP 74ea8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c6153d 2 bytes JMP 74e1fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c61555 2 bytes JMP 74e268bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c6156d 2 bytes JMP 74ea8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c61585 2 bytes JMP 74ea8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c6159d 2 bytes JMP 74ea86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c615b5 2 bytes JMP 74e1fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c615cd 2 bytes JMP 74e2b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c616b2 2 bytes JMP 74ea8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c616bd 2 bytes JMP 74ea8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2efcd 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c61401 2 bytes JMP 74e2b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c61419 2 bytes JMP 74e2b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c61431 2 bytes JMP 74ea8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c6144a 2 bytes CALL 74e04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c614dd 2 bytes JMP 74ea8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c614f5 2 bytes JMP 74ea89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c6150d 2 bytes JMP 74ea86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c61525 2 bytes JMP 74ea8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c6153d 2 bytes JMP 74e1fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c61555 2 bytes JMP 74e268bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c6156d 2 bytes JMP 74ea8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c61585 2 bytes JMP 74ea8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c6159d 2 bytes JMP 74ea86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c615b5 2 bytes JMP 74e1fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c615cd 2 bytes JMP 74e2b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c616b2 2 bytes JMP 74ea8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c616bd 2 bytes JMP 74ea8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000744911a8 2 bytes [49, 74]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000007449127d 2 bytes CALL 74e014b9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000074491310 2 bytes CALL 74e014b9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000744913a8 2 bytes [49, 74]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000074491422 2 bytes [49, 74]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4316] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000074491498 2 bytes [49, 74]
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c61401 2 bytes JMP 74e2b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c61419 2 bytes JMP 74e2b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c61431 2 bytes JMP 74ea8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c6144a 2 bytes CALL 74e04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c614dd 2 bytes JMP 74ea8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c614f5 2 bytes JMP 74ea89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c6150d 2 bytes JMP 74ea86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c61525 2 bytes JMP 74ea8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c6153d 2 bytes JMP 74e1fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c61555 2 bytes JMP 74e268bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c6156d 2 bytes JMP 74ea8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c61585 2 bytes JMP 74ea8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c6159d 2 bytes JMP 74ea86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c615b5 2 bytes JMP 74e1fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c615cd 2 bytes JMP 74e2b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c616b2 2 bytes JMP 74ea8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c616bd 2 bytes JMP 74ea8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1156] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3436] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074e08769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c61401 2 bytes JMP 74e2b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c61419 2 bytes JMP 74e2b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c61431 2 bytes JMP 74ea8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c6144a 2 bytes CALL 74e04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c614dd 2 bytes JMP 74ea8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c614f5 2 bytes JMP 74ea89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c6150d 2 bytes JMP 74ea86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c61525 2 bytes JMP 74ea8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c6153d 2 bytes JMP 74e1fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c61555 2 bytes JMP 74e268bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c6156d 2 bytes JMP 74ea8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c61585 2 bytes JMP 74ea8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c6159d 2 bytes JMP 74ea86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c615b5 2 bytes JMP 74e1fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c615cd 2 bytes JMP 74e2b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c616b2 2 bytes JMP 74ea8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c616bd 2 bytes JMP 74ea8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4724] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000074c61401 2 bytes JMP 74e2b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000074c61419 2 bytes JMP 74e2b31a C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000074c61431 2 bytes JMP 74ea8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000074c6144a 2 bytes CALL 74e04885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000074c614dd 2 bytes JMP 74ea8802 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000074c614f5 2 bytes JMP 74ea89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000074c6150d 2 bytes JMP 74ea86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000074c61525 2 bytes JMP 74ea8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000074c6153d 2 bytes JMP 74e1fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000074c61555 2 bytes JMP 74e268bf C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000074c6156d 2 bytes JMP 74ea8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000074c61585 2 bytes JMP 74ea8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000074c6159d 2 bytes JMP 74ea86bc C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000074c615b5 2 bytes JMP 74e1fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000074c615cd 2 bytes JMP 74e2b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000074c616b2 2 bytes JMP 74ea8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000074c616bd 2 bytes JMP 74ea8651 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\sysWOW64\wbem\wmiprvse.exe[6128] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5276] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6084] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]
.text C:\Users\USER\Desktop\Nowy folder\Nowy folder\fr42djzk.exe[3788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074e2a2cd 1 byte [62]

---- Processes - GMER 2.1 ----

Library c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_zvdfv.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404](2015-04-27 18:58:06) 0000000004ef0000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:23) 0000000062f30000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (ICU I18N DLL/The ICU Project)(2015-04-19 17:39:24) 000000004a900000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (ICU Common DLL/The ICU Project)(2015-04-19 17:39:24) 0000000005eb0000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (ICU Data DLL/The ICU Project)(2015-04-19 17:39:24) 000000004ad00000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 00000000620d0000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:23) 0000000061de0000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404](2015-04-19 17:39:24) 0000000061d20000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:23) 0000000061440000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 0000000060380000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 0000000062510000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 000000005ffc0000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 0000000062dc0000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404](2015-04-19 17:39:24) 0000000073eb0000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 000000005ff90000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 000000005ff50000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 000000005ff00000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404](2015-04-19 17:39:24) 000000005fe20000
Library C:\Users\USER\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404](2015-04-19 17:39:24) 000000005fde0000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289a72f46
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773726306c
Reg
HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773733b3a4 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289a72f46 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773726306c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773733b3a4 (not active ControlSet) ---- EOF - GMER 2.1 ----