GMER log
Does anyone know whether this log means the computer has been compromised in some way (GMER)?
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\TightVNC\tvnserver.exe[1936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075231465 2 bytes [23, 75]
.text C:\Program Files (x86)\TightVNC\tvnserver.exe[1936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752314bb 2 bytes [23, 75]
.text ... * 2
.text C:\Windows\SysWOW64\vmnat.exe[1692] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 00000000721813c6 2 bytes [18, 72]
.text C:\Windows\SysWOW64\vmnat.exe[1692] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 00000000721813f6 2 bytes [18, 72]
.text C:\Windows\SysWOW64\vmnat.exe[1692] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 00000000721814ad 2 bytes [18, 72]
.text C:\Windows\SysWOW64\vmnat.exe[1692] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 00000000721814db 2 bytes [18, 72]
.text ... * 2
.text C:\Windows\SysWOW64\vmnat.exe[1692] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 0000000072181577 2 bytes [18, 72]
.text C:\Windows\SysWOW64\vmnat.exe[1692] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 00000000721815d7 2 bytes [18, 72]
.text C:\Windows\SysWOW64\vmnat.exe[1692] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 0000000072181794 2 bytes [18, 72]
.text C:\Windows\SysWOW64\vmnat.exe[1692] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 00000000721818c1 2 bytes [18, 72]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075231465 2 bytes [23, 75]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752314bb 2 bytes [23, 75]
.text ... * 2
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075231465 2 bytes [23, 75]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752314bb 2 bytes [23, 75]
.text ... * 2
.text C:\Windows\system32\Dwm.exe[3336] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd742db0 5 bytes JMP 000007fffd730180
.text C:\Windows\system32\Dwm.exe[3336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7437d0 7 bytes JMP 000007fffd7300d8
.text C:\Windows\system32\Dwm.exe[3336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd748ef0 6 bytes JMP 000007fffd730148
.text C:\Windows\system32\Dwm.exe[3336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd75af60 5 bytes JMP 000007fffd730110
.text C:\Windows\system32\Dwm.exe[3336] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9e89e0 8 bytes JMP 000007fffd7301f0
.text C:\Windows\system32\Dwm.exe[3336] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9ebe40 8 bytes JMP 000007fffd7301b8
.text C:\Windows\system32\Dwm.exe[3336] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef2afdc88 5 bytes JMP 000007fff28300d8
.text C:\Windows\system32\Dwm.exe[3336] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef2afde10 5 bytes JMP 000007fff2830110
.text C:\Windows\SysWOW64\RunDll32.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075231465 2 bytes [23, 75]
.text C:\Windows\SysWOW64\RunDll32.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752314bb 2 bytes [23, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075231465 2 bytes [23, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752314bb 2 bytes [23, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075231465 2 bytes [23, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752314bb 2 bytes [23, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075231465 2 bytes [23, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752314bb 2 bytes [23, 75]
.text ... * 2
---- EOF - GMER 2.1 ----
Use AdwCleaner, which gives a more useful report.
Of course, if GMER suits you, you can't get enough of its output, and the LMS service is a virus as far as you're concerned, that's your fight.
What led you to conclude that this small excerpt of harmless files from GMER is insidiously harming you?
There is an inexhaustible number of free programs that deal with malicious code.
Try first:
Spybot-S&D 2.3.39 - although a full scan does mean a long run.
Antivirus:
Dr.Web LiveCD, based on the Linux kernel; it scans the HDD from external media.