Hello Rosty,

It is suspected that I may have bought a crack.
Can you give a definitive answer on this?


http://www.minatica.be/threads/83502...ecurity-winkel
http://www.minatica.be/threads/83506...en-van-de-foor

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-19 21:35:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 SAMSUNG_HD642JJ rev.1AA01118 596,17GB
Running: 2yprzhrc.exe; Driver: C:\Users\PECHKI~1\AppData\Local\Temp\fwddrkoc.sys




---- User code sections - GMER 2.2 ----


.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[808] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077889020 4 bytes [C3, 00, 00, 00]
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ef1401 2 bytes JMP 75b3b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ef1419 2 bytes JMP 75b3b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ef1431 2 bytes JMP 75bb9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ef144a 2 bytes CALL 75b14885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ef14dd 2 bytes JMP 75bb8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ef14f5 2 bytes JMP 75bb8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ef150d 2 bytes JMP 75bb8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ef1525 2 bytes JMP 75bb8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ef153d 2 bytes JMP 75b2fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ef1555 2 bytes JMP 75b36907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ef156d 2 bytes JMP 75bb9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ef1585 2 bytes JMP 75bb8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ef159d 2 bytes JMP 75bb88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ef15b5 2 bytes JMP 75b2fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ef15cd 2 bytes JMP 75b3b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ef16b2 2 bytes JMP 75bb90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ef16bd 2 bytes JMP 75bb8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ef1401 2 bytes JMP 75b3b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ef1419 2 bytes JMP 75b3b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ef1431 2 bytes JMP 75bb9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ef144a 2 bytes CALL 75b14885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ef14dd 2 bytes JMP 75bb8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ef14f5 2 bytes JMP 75bb8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ef150d 2 bytes JMP 75bb8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ef1525 2 bytes JMP 75bb8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ef153d 2 bytes JMP 75b2fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ef1555 2 bytes JMP 75b36907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ef156d 2 bytes JMP 75bb9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ef1585 2 bytes JMP 75bb8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ef159d 2 bytes JMP 75bb88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ef15b5 2 bytes JMP 75b2fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ef15cd 2 bytes JMP 75b3b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ef16b2 2 bytes JMP 75bb90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ef16bd 2 bytes JMP 75bb8891 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\vmnat.exe[2844] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 0000000071f813b0 2 bytes JMP 761055d0 C:\Windows\syswow64\SHELL32.dll
.text C:\Windows\SysWOW64\vmnat.exe[2844] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 0000000071f813c0 2 bytes CALL 75899cee C:\Windows\syswow64\msvcrt.dll
.text ... * 20
.text C:\Windows\SysWOW64\vmnat.exe[2844] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 0000000071f8153e 2 bytes CALL 76197364 C:\Windows\syswow64\SHELL32.dll
.text C:\Windows\SysWOW64\vmnat.exe[2844] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000071f81553 2 bytes CALL 75b110ff C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ef1401 2 bytes JMP 75b3b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ef1419 2 bytes JMP 75b3b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ef1431 2 bytes JMP 75bb9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ef144a 2 bytes CALL 75b14885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ef14dd 2 bytes JMP 75bb8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ef14f5 2 bytes JMP 75bb8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ef150d 2 bytes JMP 75bb8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ef1525 2 bytes JMP 75bb8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ef153d 2 bytes JMP 75b2fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ef1555 2 bytes JMP 75b36907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ef156d 2 bytes JMP 75bb9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ef1585 2 bytes JMP 75bb8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ef159d 2 bytes JMP 75bb88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ef15b5 2 bytes JMP 75b2fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ef15cd 2 bytes JMP 75b3b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ef16b2 2 bytes JMP 75bb90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ef16bd 2 bytes JMP 75bb8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077732bdc 5 bytes JMP 000000007427c3d0
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ef1401 2 bytes JMP 75b3b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ef1419 2 bytes JMP 75b3b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ef1431 2 bytes JMP 75bb9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ef144a 2 bytes CALL 75b14885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ef14dd 2 bytes JMP 75bb8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ef14f5 2 bytes JMP 75bb8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ef150d 2 bytes JMP 75bb8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ef1525 2 bytes JMP 75bb8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ef153d 2 bytes JMP 75b2fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ef1555 2 bytes JMP 75b36907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ef156d 2 bytes JMP 75bb9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ef1585 2 bytes JMP 75bb8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ef159d 2 bytes JMP 75bb88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ef15b5 2 bytes JMP 75b2fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ef15cd 2 bytes JMP 75b3b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ef16b2 2 bytes JMP 75bb90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ef16bd 2 bytes JMP 75bb8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 00000000779b6131 11 bytes {MOV EAX, 0xfffffffff791baf0; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000779dbfb0 14 bytes {MOV RAX, 0x7fef78762b0; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4950a0 3 bytes JMP 000007fef791cad0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\system32\SSPICLI.DLL!EncryptMessage + 4 000007fefd4950a4 1 byte [FA]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\system32\SSPICLI.DLL!DecryptMessage 000007fefd4951f4 3 bytes JMP 000007fef791cce0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\system32\SSPICLI.DLL!DecryptMessage + 4 000007fefd4951f8 1 byte [FA]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000779dbe00 7 bytes [48, B8, 60, F9, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000779dbe08 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000779dbf70 7 bytes [48, B8, E0, F9, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000779dbf78 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779dbf90 7 bytes [48, B8, D0, FD, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000779dbf98 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000779dbfa0 7 bytes [48, B8, C0, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000779dbfa8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000779dbfb0 7 bytes [48, B8, 40, F8, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000779dbfb8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000779dbfd0 7 bytes [48, B8, B0, F8, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000779dbfd8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000779dc020 7 bytes [48, B8, 50, FA, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000779dc028 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000779dc030 7 bytes [48, B8, 20, FE, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000779dc038 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000779dc060 7 bytes [48, B8, 40, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000779dc068 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000779dc100 7 bytes [48, B8, 80, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000779dc108 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000779dc280 7 bytes [48, B8, C0, FA, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000779dc288 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000779dccf0 7 bytes [48, B8, 00, FE, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000779dccf8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779dcd40 7 bytes [48, B8, A0, FD, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000779dcd48 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000779dce90 7 bytes [48, B8, A0, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000779dce98 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000779dbe00 7 bytes [48, B8, 60, F9, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000779dbe08 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000779dbf70 7 bytes [48, B8, E0, F9, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000779dbf78 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779dbf90 7 bytes [48, B8, D0, FD, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000779dbf98 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000779dbfa0 7 bytes [48, B8, C0, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000779dbfa8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000779dbfb0 7 bytes [48, B8, 40, F8, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000779dbfb8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000779dbfd0 7 bytes [48, B8, B0, F8, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000779dbfd8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000779dc020 7 bytes [48, B8, 50, FA, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000779dc028 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000779dc030 7 bytes [48, B8, 20, FE, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000779dc038 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000779dc060 7 bytes [48, B8, 40, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000779dc068 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000779dc100 7 bytes [48, B8, 80, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000779dc108 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000779dc280 7 bytes [48, B8, C0, FA, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000779dc288 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000779dccf0 7 bytes [48, B8, 00, FE, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000779dccf8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779dcd40 7 bytes [48, B8, A0, FD, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000779dcd48 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000779dce90 7 bytes [48, B8, A0, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000779dce98 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000779dbe00 7 bytes [48, B8, 60, F9, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000779dbe08 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000779dbf70 7 bytes [48, B8, E0, F9, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000779dbf78 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779dbf90 7 bytes [48, B8, D0, FD, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000779dbf98 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000779dbfa0 7 bytes [48, B8, C0, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000779dbfa8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000779dbfb0 7 bytes [48, B8, 40, F8, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000779dbfb8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000779dbfd0 7 bytes [48, B8, B0, F8, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000779dbfd8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000779dc020 7 bytes [48, B8, 50, FA, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000779dc028 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000779dc030 7 bytes [48, B8, 20, FE, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000779dc038 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000779dc060 7 bytes [48, B8, 40, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000779dc068 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000779dc100 7 bytes [48, B8, 80, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000779dc108 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000779dc280 7 bytes [48, B8, C0, FA, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000779dc288 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000779dccf0 7 bytes [48, B8, 00, FE, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000779dccf8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779dcd40 7 bytes [48, B8, A0, FD, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000779dcd48 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000779dce90 7 bytes [48, B8, A0, FB, D1, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000779dce98 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002f441afc 2 bytes [44, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075b18769 5 bytes JMP 000000006a7454c9
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075caa00a 5 bytes JMP 000000006b2084c4
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000774d3f20 5 bytes JMP 000000006a77b0c2
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000774d3f8a 5 bytes JMP 000000006a77102b
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000774d47ba 5 bytes JMP 000000006a7d18a6
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000774d5d66 5 bytes JMP 000000006a7af843


---- User IAT/EAT - GMER 2.2 ----


IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fedae56490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedae55ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedae56470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fedae566e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed9f92730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fedae56490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedae55ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedae56470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fedae566e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed9f92730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll


---- Threads - GMER 2.2 ----


Thread C:\Windows\System32\svchost.exe [160:776] 000007fee16f14a0
Thread C:\Windows\System32\svchost.exe [160:4856] 000007fee83ca2b0
Thread C:\Windows\System32\svchost.exe [160:1852] 000007fee9f744d0
Thread C:\Windows\System32\svchost.exe [160:1908] 000007feeac789a8
Thread C:\Windows\SysWOW64\ntdll.dll [5592:5596] 00000000011f348c
Thread C:\Windows\SysWOW64\ntdll.dll [5592:5616] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:5620] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:5624] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:5628] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4008] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:3392] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4708] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:2804] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:2756] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:2984] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:716] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4476] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:740] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:2600] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:912] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4496] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4504] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4508] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4436] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4484] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4396] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4456] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4472] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4368] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4012] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4452] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4320] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:1316] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4380] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4388] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4332] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4500] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4372] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4284] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:3400] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4400] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4424] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4268] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4276] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4336] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4316] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4448] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4252] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4264] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4464] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4488] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4492] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4344] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4468] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4356] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4292] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4416] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4304] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4288] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4272] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4364] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4404] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4420] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:1336] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4296] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4348] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4440] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4328] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4360] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4308] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:1888] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:4432] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:1896] 000000000120d0b5
Thread C:\Windows\SysWOW64\ntdll.dll [5592:2620] 000000000120d0b5
Thread C:\Windows\System32\svchost.exe [3804:4280] 000007fef6129688


---- EOF - GMER 2.2 ----