Aliexpress ,gamesdesktop, i startsurf w gc wirus

**Posty:** 503 · przez **Lucky17** 05 Wrz 2015, 13:34

Dobry wszystkim.
Zaraza. Jeden program pobrałem z chip.pl i komputer sam instaluje sobie wredne oprogramowanie. Wystarczy odejść od kompa na 30 min, i przegladarka, system maja 10 programów więcej. Usuwanie ich z panelu sterowania nic nie daje. Oczywiście, usunie program na jakieś 10 minut.
Mowa o programach: Istartsurf w przegladarce, Gamesdesktop i VOPacket (chyba) - bo aktualnie go nie ma.

Dodatkowo aliexpress. Korzystałem z tego serwisu. Podczas stukania haseł w google.com, przekierowuje czasem automatycznie na stronę aliexpress.com.

Międzygalaktyczni obróncy systemu windows wzywam Was o pomoc.

PS: Za chwilę dodam logi z gmera.

Dodano 05.09.2015 13:23:24:

Kod: Zaznacz wszystko: GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-05 14:22:53 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160811AS rev.3.AAE 149,05GB Running: co7n632x.exe; Driver: S:\Users\Lucky\AppData\Local\Temp\awrdqkow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG S:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.1 ---- .text S:\Windows\Explorer.EXE[1628] S:\Windows\system32\kernel32.dll!CreateProcessW 00000000775fe7b0 5 bytes JMP 00000001046a0018 .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp[1084] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1728] S:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[2056] S:\Windows\syswow64\kernel32.dll!CreateThread 0000000076e81ea8 5 bytes JMP 0000000102470770 .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Voltit.exe[2472] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\pWdsManProp\WdsManPro.exe[2548] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[3512] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\KERNEL32.dll .text S:\ProgramData\Voltit\Plusing.exe[4872] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\KERNEL32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\Skype\Phone\Skype.exe[3648] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp[5252] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe[3196] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe[5780] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe[3208] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\gmsd_pl_005010080\gmsd_pl_005010080.exe[5348] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Program Files (x86)\SFK\SSFK.exe[3816] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll ? S:\Windows\system32\mssprxy.dll [3816] entry point in ".rdata" section 00000000752c71e6 .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp[6244] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll ? S:\Windows\system32\mssprxy.dll [6244] entry point in ".rdata" section 00000000752c71e6 .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\system\rads_user_kernel.exe[6184] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe[4728] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076e8d03c 5 bytes [33, C0, C2, 04, 00] .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 76e9eb26 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 76eab513 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76f28609 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 76e81dfa S:\Windows\syswow64\kernel32.dll .text ... * 9 .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 76f27efe S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76f280d8 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76f27df4 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76f281c2 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 76e9f088 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 76eab885 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76f286c1 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76f28222 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 76f27db8 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 76e9f121 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 76eab29f S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76f28584 S:\Windows\syswow64\kernel32.dll .text G:\Lol\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe[3456] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 76f27d4d S:\Windows\syswow64\kernel32.dll ---- Kernel code sections - GMER 2.1 ---- INITKDBG S:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG S:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG S:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG S:\Windows\system32\ntoskrnl.exe suspicious modification ---- Threads - GMER 2.1 ---- Thread S:\Windows\system32\svchost.exe [1220:1756] 000007feff80a808 ---- Processes - GMER 2.1 ---- Process S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe [3512] (µTorrent/BitTorrent Inc.)(2014-04-19 22:30:51) 0000000000400000 Process S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp (*** suspicious ***) @ S:\Users\Lucky\AppData\Local\Temp\nsb75CF.tmp [5252](2015-09-04 16:13: 0000000000400000 Process S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe [3196] (SmartWeb helper/SoftBrain Technologies Ltd.)(2015-02-17 11:00:10) 0000000001180000 Process S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe [5780] (SmartWeb Application/SoftBrain Technologies Ltd.)(2015-02-17 11:00:06) 0000000001380000 Library S:\Users\Lucky\AppData\Local\SmartWeb\swhk.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebApp.exe [5780] (SoftBrain Technologies Ltd.)(2015-02-17 11:00:06) 000000006d010000 Process S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Local\gmsd_pl_005010080\upgmsd_pl_005010080.exe [3208](2015-09-05 09:20:20) 0000000000bb0000 Process S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp (*** suspicious ***) @ S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp [6244] (Setup/CMI Limited)(2015-09-05 11:10:00) 0000000000400000 Library S:\Users\Lucky\AppData\Local\Temp\nsr1575.tmp\System.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp [6244](2015-09-05 11:10:01) 0000000010000000 Library S:\Users\Lucky\AppData\Local\Temp\nsr1575.tmp\ProcessKiller.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp [6244](2015-09-05 11:10:03) 00000000752d0000 Library S:\Users\Lucky\AppData\Local\Temp\nsr1575.tmp\nsis-progressbar.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Local\Temp\nsx1037.tmp [6244](2015-09-05 11:10:03) 00000000734a0000 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@\24:\Users\Lucky\Desktop\ComboFix.exe 1 ---- EOF - GMER 2.1 ----

**Posty:** 4765 · przez **ordynat** 05 Wrz 2015, 14:29

1) Odinstaluj te programy:
PhraseProfessor 1.10.0.24 (HKLM-x32\...\PhraseProfessor_1.10.0.24) (Version: 1.10.0.24 - PhraseProfessor) <==== UWAGA
SafeFinder (HKLM-x32\...\{F2C014E3-839D-4A59-AA57-2A2D37E80961}) (Version: 1.0.0.0 - Linkury)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== UWAGA

2) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego

3) Otwórz Notatnik i wklej w nim:

Task: {0DE562D1-B51C-4C7E-9D0C-C91E3DEA56AE} - System32\Tasks\{51C27F90-5A04-45C5-AF3A-043AA1A37E65} => pcalua.exe -a "S:\Users\Lucky\Desktop\Fender_Universal_ASIO_2_10_F_Win7 (1).exe" -d S:\Users\Lucky\Desktop
Task: {114CC27E-DD03-4B86-8F0B-F978527F68D8} - System32\Tasks\{C950E1FE-E110-4CA7-ACEB-D1BECF9416D5} => pcalua.exe -a "S:\Users\Lucky\Desktop\Guitar Pro 5.2.exe" -d S:\Users\Lucky\Desktop
Task: {23E72ADC-E54D-43E5-9BDB-F97162BCC83F} - System32\Tasks\Rx6UeYLcYe1R7bAy27I => S:\Users\Lucky\AppData\Roaming\Rx6UeYLcYe1R7bAy27I.exe [2015-04-20] () <==== UWAGA
S:\Users\Lucky\AppData\Roaming\Rx6UeYLcYe1R7bAy27I.exe
Task: {3286941C-0E46-481A-A451-04E04C0CF462} - System32\Tasks\39c7c12c-034f-4685-bb51-ff1c6f1a2402-5 => S:\Program Files (x86)\Plus.HD_3.5V04.09\39c7c12c-034f-4685-bb51-ff1c6f1a2402-5.exe <==== UWAGA
Task: {4FE4E58A-3144-4B45-B3BD-37ED913BEA28} - System32\Tasks\SmartWeb Upgrade Trigger Task => S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== UWAGA
S:\Users\Lucky\AppData\Local\SmartWeb
S:\Program Files (x86)\Plus.HD_3.5V04.09
Task: {9FDAB54B-C58E-4315-B133-8A1AA629428B} - System32\Tasks\39c7c12c-034f-4685-bb51-ff1c6f1a2402-5_user => S:\Program Files (x86)\Plus.HD_3.5V04.09\39c7c12c-034f-4685-bb51-ff1c6f1a2402-5.exe <==== UWAGA
Task: {A91915F3-E425-4F81-9604-965EB87A0746} - System32\Tasks\3uyE8OLKtd => S:\Users\Lucky\AppData\Roaming\3uyE8OLKtd.exe [2015-04-20] () <==== UWAGA
S:\Users\Lucky\AppData\Roaming\3uyE8OLKtd.exe
Task: {E78D7507-631C-4822-9FE0-626AB646801C} - System32\Tasks\MyBrowser => S:\Program Files (x86)\MyBrowser\MyBrowser\Application\utility.exe
Task: {F3887C71-F92A-4A41-AF87-56D0F917986E} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Pending Update => S:\Program Files (x86)\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe [2015-09-02] (PhraseProfessor) <==== UWAGA
Task: {F5C29163-795B-48D9-BB8B-3E08A2EB763B} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core => S:\Program Files (x86)\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe [2015-09-02] (PhraseProfessor) <==== UWAGA
S:\Program Files (x86)\PhraseProfessor_1.10.0.24
S:\Program Files (x86)\MyBrowser
Task: S:\Windows\Tasks\39c7c12c-034f-4685-bb51-ff1c6f1a2402-5.job => S:\Program Files (x86)\Plus.HD_3.5V04.09\39c7c12c-034f-4685-bb51-ff1c6f1a2402-5.exe <==== UWAGA
Task: S:\Windows\Tasks\39c7c12c-034f-4685-bb51-ff1c6f1a2402-5_user.job => S:\Program Files (x86)\Plus.HD_3.5V04.09\39c7c12c-034f-4685-bb51-ff1c6f1a2402-5.exe <==== UWAGA
Task: S:\Windows\Tasks\3uyE8OLKtd.job => S:\Users\Lucky\AppData\Roaming\3uyE8OLKtd.exe <==== UWAGA
Task: S:\Windows\Tasks\Rx6UeYLcYe1R7bAy27I.job => S:\Users\Lucky\AppData\Roaming\Rx6UeYLcYe1R7bAy27I.exe <==== UWAGA
S:\Program Files (x86)\SFK
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
S:\ProgramData\pWdsManProp
S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0
AlternateDataStreams: S:\ProgramData\Microsoft:9AdJKOueM8CxA8Hlky1sxYa5CH
AlternateDataStreams: S:\ProgramData\Microsoft:gIgtMKemXpRtYsEqVHH
AlternateDataStreams: S:\ProgramData\Microsoft:jAmxG42i4jxNNGlHQ8JrMSrt
AlternateDataStreams: S:\ProgramData\Microsoft:MPcxb5qvbZNyAcexytY
AlternateDataStreams: S:\ProgramData\Microsoft:ni2uHDg2ntQwiznU3C9aJ
AlternateDataStreams: S:\Users\Lucky\Ustawienia lokalne:PnrFxiIIjHcs2PlY1K7zV1
AlternateDataStreams: S:\Users\Lucky\Ustawienia lokalne:UwbD7C7rd1SdipHYO0kW8
AlternateDataStreams: S:\Users\Lucky\AppData\Local:PnrFxiIIjHcs2PlY1K7zV1
AlternateDataStreams: S:\Users\Lucky\AppData\Local:UwbD7C7rd1SdipHYO0kW8
AlternateDataStreams: S:\Users\Lucky\AppData\Local\Dane aplikacji:PnrFxiIIjHcs2PlY1K7zV1
AlternateDataStreams: S:\Users\Lucky\AppData\Local\Dane aplikacji:UwbD7C7rd1SdipHYO0kW8
AlternateDataStreams: S:\Users\Lucky\AppData\Local\Temp:yIjTrbmgjP5PDaA2WBb5MPO
AlternateDataStreams: S:\Users\Lucky\AppData\Local\Temporary Internet Files:DmZ83sVXN9XRnb6mZiijEib1Af
FirewallRules: [{63F25EFE-7239-4A91-9771-C4FE204C5472}] => (Allow) S:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe
HKLM-x32\...\Run: [gmsd_pl_005010079] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010080] => [X]
HKLM-x32\...\Run: [SmartWeb] => S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
Startup: S:\Users\Lucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-09-05]
ShortcutTarget: SmartWeb.lnk -> S:\Users\Lucky\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA
HKU\S-1-5-21-3683211293-1044024623-4165341542-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA
HKU\S-1-5-21-3683211293-1044024623-4165341542-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEYzwmkwM3HPmqx4kk6-k0Z5CA6pgLDsXMrI2dRY4w05rgoZaGJT0AcAsTStdylovUWhaxg2b-atkoGntJyzzMWXUhAzFB5kgOWWRQrw4d3qy9R7-2VpM4KESiKtnivEcTRET9EmrOq-qqfgGvd2vtaXqt6&q={searchTerms}
HKU\S-1-5-21-3683211293-1044024623-4165341542-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEYzwmkwM3HPmqx4kk6-k0Z5CA6pgLDsXMrI2dRY4w05rgoZaGJT0AcAsTStdylovUWhaxg2b-atkoGkgRlvG_RqbfSLQHYRg4xwPWPO7FM7Qw3Ibblms117Vn8efS1ZdOvxPBCl7NzsXOCkvINXXWM55gv
HKU\S-1-5-21-3683211293-1044024623-4165341542-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEYzwmkwM3HPmqx4kk6-k0Z5CA6pgLDsXMrI2dRY4w05rgoZaGJT0AcAsTStdylovUWhaxg2b-atkoGntJyzzMWXUhAzFB5kgOWWRQrw4d3qy9R7-2VpM4KESiKtnivEcTRET9EmrOq-qqfgGvd2vtaXqt6&q={searchTerms}
HKU\S-1-5-21-3683211293-1044024623-4165341542-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEYzwmkwM3HPmqx4kk6-k0Z5CA6pgLDsXMrI2dRY4w05rgoZaGJT0AcAsTStdylovUWhaxg2b-atkoGntJyzzMWXUhAzFB5kgOWWRQrw4d3qy9R7-2VpM4KESiKtnivEcTRET9EmrOq-qqfgGvd2vtaXqt6&q={searchTerms}
URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
StartMenuInternet: IEXPLORE.EXE - S:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1441451318&z=0b0f24f82a6dd01c78cc00ag7z6zfg2zewcg6geb4c&from=face&uid=ST3160811AS_6PT1TDZZXXXX6PT1TDZZ
R2 jimocoso; S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\jnsvF142.tmp [227328 2015-09-04] () [Brak podpisu cyfrowego]
R2 ppsvc_1.10.0.24; S:\Program Files (x86)\PhraseProfessor_1.10.0.24\Service\ppsvc.exe [301664 2015-09-02] (PhraseProfessor)
R2 SSFK; S:\Program Files (x86)\SFK\SSFK.exe [411648 2015-09-05] (TODO: <公司名>) [Brak podpisu cyfrowego]
R2 totyseku; S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\hnsq6C7.tmp [137728 2015-09-04] () [Brak podpisu cyfrowego]
R4 WdsManPro; S:\ProgramData\pWdsManProp\WdsManPro.exe [709288 2015-09-05] (DTools LIMITED)
R2 byzypiky; S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\knspD9F4.tmpfs [X]
S2 gopibeko; S:\Users\Lucky\AppData\Local\CB687660-1441393312-11DF-8D96-485B3933B2E0\snsv65E7.tmp [X]
R1 ppfd_vt_1_10_0_24; S:\Windows\System32\drivers\ppfd_vt_1_10_0_24.sys [61328 2015-09-02] (PhraseProfessor)
S2 AODDriver4.2.0; \??\S:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\S:\ComboFix\catchme.sys [X]
2015-09-05 13:38 - 2015-09-05 13:38 - 00004210 _____ S:\Windows\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Pending Update
2015-09-05 13:38 - 2015-09-05 13:38 - 00004200 _____ S:\Windows\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core
2015-09-05 13:38 - 2015-09-05 13:38 - 00000000 ____D S:\Program Files (x86)\PhraseProfessor_1.10.0.24
2015-09-05 13:37 - 2015-09-05 13:37 - 00000000 ____D S:\Program Files (x86)\predm
2015-09-05 13:10 - 2015-09-05 14:24 - 00000000 ____D S:\Program Files (x86)\AnyProtectEx
2015-09-05 13:10 - 2015-09-05 13:10 - 00613255 _____ (CMI Limited) S:\Users\Lucky\AppData\Local\nsx1037.tmp
2015-09-05 13:10 - 2015-09-05 13:10 - 00000000 __SHD S:\Users\Lucky\AppData\Roaming\AnyProtectEx
2015-09-05 13:08 - 2015-09-05 13:32 - 00000000 ____D S:\Users\Lucky\AppData\Roaming\istartsurf
2015-09-05 13:08 - 2015-09-05 13:08 - 00004046 _____ S:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-09-05 13:08 - 2015-09-05 13:08 - 00000000 ____D S:\Users\Lucky\AppData\Local\SmartWeb
2015-09-05 13:08 - 2015-09-05 13:08 - 00000000 ____D S:\ProgramData\1WdsManPro1
2015-09-05 11:43 - 2015-09-05 11:43 - 00613255 _____ (CMI Limited) S:\Users\Lucky\AppData\Local\nsk81B7.tmp
2015-09-05 11:21 - 2015-09-05 11:22 - 00000000 ____D S:\ProgramData\pWdsManProp
2015-09-04 18:10 - 2015-09-04 18:11 - 00000000 ____D S:\ProgramData\7WdsManPro7
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
Powstanie plik fixlog.txt.
Daj ten log.

4)

R2 Voltit; S:\ProgramData\Voltit\Voltit.exe [33280 2015-09-03] () [Brak podpisu cyfrowego]

Znasz to?

5) Zrób nowe logi FRST.
.

Autor postu otrzymał pochwałę

**Posty:** 503 · przez **Lucky17** 05 Wrz 2015, 14:56

Dzięki za odp.

Kod: Zaznacz wszystko: # AdwCleaner v5.005 - Utworzono raport 05/09/2015 o 14:54:59 # Ostatnia aktualizacja 31/08/2015 przez Xplode # Baza danych : 2015-09-04.4 [Serwer] # System operacyjny : Windows 7 Ultimate (x64) # Nazwa użytkownika : Lucky - LUCKY-KOMPUTER # Lokalizacja programu : S:\Users\Lucky\Desktop\adwcleaner_5.005 (1).exe # Działanie : Skanuj # Wsparcie : http://toolslib.net/forum ***** [ Usługi ] ***** Usługa znaleziono : SSFK Usługa znaleziono : ppfd_vt_1_10_0_24 ***** [ Foldery ] ***** Folder znaleziono : S:\Program Files (x86)\AnyProtectEx Folder znaleziono : S:\Program Files (x86)\predm Folder znaleziono : S:\Program Files (x86)\SFK Folder znaleziono : S:\Users\Lucky\AppData\Local\SmartWeb Folder znaleziono : S:\Users\Lucky\AppData\Roaming\AnyProtectEx Folder znaleziono : S:\Users\Lucky\AppData\Roaming\istartsurf ***** [ Pliki ] ***** Plik znaleziono : S:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage Plik znaleziono : S:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal Plik znaleziono : S:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage Plik znaleziono : S:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal Plik znaleziono : S:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage Plik znaleziono : S:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal Plik znaleziono : S:\Users\Lucky\Desktop\Continue Live Installation.lnk ***** [ Skróty ] ***** Skrót Zainfekowany : S:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks\The Elder Scrolls V Skyrim - Legendary Edition\The Elder Scrolls V Skyrim - Legendary Edition.lnk ( hxxp://www.istartsurf.com/?type=sc&ts=1441451318&z=0b0f24f82a6dd01c78cc00ag7z6zfg2zewcg6geb4c&from=face&uid=ST3160811AS_6PT1TDZZXXXX6PT1TDZZ ) ***** [ Zaplanowane zadania ] ***** Zadanie znaleziono : SmartWeb Upgrade Trigger Task Zadanie znaleziono : 39c7c12c-034f-4685-bb51-ff1c6f1a2402-5 Zadanie znaleziono : 39c7c12c-034f-4685-bb51-ff1c6f1a2402-5_user Zadanie znaleziono : 39c7c12c-034f-4685-bb51-ff1c6f1a2402-5 Zadanie znaleziono : 39c7c12c-034f-4685-bb51-ff1c6f1a2402-5_user ***** [ Rejestr ] ***** Klucz znaleziono : HKCU\Software\TutoTag Klucz znaleziono : HKCU\Software\DAILYPCCLEAN Klucz znaleziono : HKLM\SOFTWARE\istartsurfSoftware Klucz znaleziono : HKLM\SOFTWARE\Tutorials Klucz znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage Klucz znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC} Klucz znaleziono : [x64] HKCU\Software\TutoTag Klucz znaleziono : [x64] HKCU\Software\DAILYPCCLEAN Dane wartości znaleziono : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - "S:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.istartsurf.com/?type=sc&ts=1441451318&z=0b0f24f82a6dd01c78cc00ag7z6zfg2zewcg6geb4c&from=face&uid=ST3160811AS_6PT1TDZZXXXX6PT1TDZZ Dane wartości znaleziono : HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "S:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1441451318&z=0b0f24f82a6dd01c78cc00ag7z6zfg2zewcg6geb4c&from=face&uid=ST3160811AS_6PT1TDZZXXXX6PT1TDZZ ***** [ Przeglądarki internetowe ] ***** [S:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] znaleziono : hxxp://www.istartsurf.com/webfavicon.ico [S:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] znaleziono : pelmeidfhdlhlbjimpabfcbnnojbboma ########## EOF - S:\AdwCleaner\AdwCleaner[S6].txt - [3965 bajty] ##########

Dodano 05.09.2015 14:06:06:

Dodano 05.09.2015 14:07:17:
4)

R2 Voltit; S:\ProgramData\Voltit\Voltit.exe [33280 2015-09-03] () [Brak podpisu cyfrowego]

Znasz to?
Nic mojego.

**Posty:** 4765 · przez **ordynat** 05 Wrz 2015, 15:22

Otwórz Notatnik i wklej w nim:

S2 hufipoge; S:\Program Files (x86)\CB687660-1441386074-11DF-8D96-485B3933B2E0\knsuACCD.tmp [X]
S:\Program Files (x86)\04b60326-78ff-4f6c-b089-6ba479f2da19
2015-09-05 10:45 - 2015-09-05 10:45 - 01654272 _____ S:\Users\Lucky\Desktop\adwcleaner_5.005 (1).exe
2015-09-05 10:42 - 2015-09-05 10:42 - 00260876 _____ (VuuPC Limited) S:\Users\Lucky\AppData\Local\nsm80AD.tmp
2015-09-05 10:34 - 2015-09-05 10:34 - 00613255 _____ (CMI Limited) S:\Users\Lucky\AppData\Local\nsjE86D.tmp
2015-09-05 09:35 - 2015-09-05 09:35 - 00000000 ____D S:\ProgramData\DWdsManProD
2015-09-04 19:41 - 2015-09-04 19:41 - 00613255 _____ (CMI Limited) S:\Users\Lucky\AppData\Local\nsr8CA8.tmp
2015-09-04 19:38 - 2015-09-04 19:39 - 00000000 ____D S:\ProgramData\BWdsManProB
2015-09-04 19:20 - 2015-09-04 19:20 - 00613255 _____ (CMI Limited) S:\Users\Lucky\AppData\Local\nsc2A3D.tmp
2015-09-04 19:12 - 2015-09-05 11:43 - 00000004 _____ S:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-04 19:12 - 2015-09-04 19:12 - 00000000 ____D S:\Program Files (x86)\e65b34df-8eb8-4d4a-92e1-070e1e0f8e95
2015-09-04 19:11 - 2015-09-04 19:11 - 00000000 ____D S:\ProgramData\gWdsManProg
2015-09-04 18:10 - 2015-09-05 13:08 - 00000102 _____ S:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-04 18:09 - 2015-09-04 18:09 - 00000000 ____D S:\Users\Lucky\AppData\Roaming\dlg
2015-09-04 18:07 - 2015-09-05 14:47 - 00000000 ____D S:\ProgramData\Voltit
2015-09-04 18:07 - 2015-09-04 18:07 - 00002377 _____ S:\Windows\SysWOW64\findit.xml
2015-09-04 18:07 - 2015-09-04 18:07 - 00000000 ____D S:\ProgramData\Voltits
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () S:\Users\Lucky\AppData\Roaming\3uyE8OLKtd
2015-09-04 19:20 - 2015-09-04 19:20 - 0613255 _____ (CMI Limited) S:\Users\Lucky\AppData\Local\nsc2A3D.tmp
2015-09-05 10:34 - 2015-09-05 10:34 - 0613255 _____ (CMI Limited) S:\Users\Lucky\AppData\Local\nsjE86D.tmp
2015-09-05 10:42 - 2015-09-05 10:42 - 0260876 _____ (VuuPC Limited) S:\Users\Lucky\AppData\Local\nsm80AD.tmp
2015-09-04 19:41 - 2015-09-04 19:41 - 0613255 _____ (CMI Limited) S:\Users\Lucky\AppData\Local\nsr8CA8.tmp
2015-09-04 18:10 - 2015-09-05 13:08 - 0000102 _____ () S:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
Powstanie plik fixlog.txt.
Daj ten log.

Zrób nowe logi FRST.
Przed skanem zaznacz "Addition.txt"
.

Autor postu otrzymał pochwałę

**Posty:** 503 · przez **Lucky17** 05 Wrz 2015, 15:58

Gotowe

**Posty:** 4765 · przez **ordynat** 05 Wrz 2015, 16:03

Uruchomiony przez Lucky (2015-09-05 14:24:46)
Uruchomiony przez Lucky (administrator) LUCKY-KOMPUTER (05-09-2015 15:04:54)

te logi nie zgadzają sie ze sobą - były robione o innych godzinach.

Zrób NOWE logi
.

Autor postu otrzymał pochwałę

**Posty:** 503 · przez **Lucky17** 06 Wrz 2015, 09:54

Jeszcze raz dodaje loga.

**Posty:** 4765 · przez **ordynat** 06 Wrz 2015, 11:11

W logach nie ma już śladu "reklamiarzy".

Otwórz Notatnik i wklej w nim:

AlternateDataStreams: S:\Users\Lucky\AppData\Local\Temporary Internet Files:DmZ83sVXN9XRnb6mZiijEib1Af
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

.
=================

Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.

Autor postu otrzymał pochwałę

**Posty:** 503 · przez **Lucky17** 06 Wrz 2015, 11:40

Dzieki komputer chodzi jak nowy!

Kto jest na forum