  1. #1
    salmax

    Confirmation whether a threat is present here

    Hello Rosty,

    It is suspected that I may have bought a crack.
    Can you give a definitive answer on this?


    http://www.minatica.be/threads/83502...ecurity-winkel
    http://www.minatica.be/threads/83506...en-van-de-foor

  2. #2
    salmax
    GMER 2.2.19882 - http://www.gmer.net
    Rootkit scan 2017-05-19 21:35:06
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 SAMSUNG_HD642JJ rev.1AA01118 596,17GB
    Running: 2yprzhrc.exe; Driver: C:\Users\PECHKI~1\AppData\Local\Temp\fwddrkoc.sys




    ---- User code sections - GMER 2.2 ----


    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[808] C:\Windows\system32\kernel32.dll!SetUnhandledExcep tionFilter 0000000077889020 4 bytes [C3, 00, 00, 00]
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ef1401 2 bytes JMP 75b3b233 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ef1419 2 bytes JMP 75b3b35e C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ef1431 2 bytes JMP 75bb9149 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ef144a 2 bytes CALL 75b14885 C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ef14dd 2 bytes JMP 75bb8a42 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameA + 17 0000000075ef14f5 2 bytes JMP 75bb8c18 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ef150d 2 bytes JMP 75bb8938 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameW + 17 0000000075ef1525 2 bytes JMP 75bb8d02 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ef153d 2 bytes JMP 75b2fcc0 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ef1555 2 bytes JMP 75b36907 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ef156d 2 bytes JMP 75bb9201 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ef1585 2 bytes JMP 75bb8d62 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ef159d 2 bytes JMP 75bb88fc C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ef15b5 2 bytes JMP 75b2fd59 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ef15cd 2 bytes JMP 75b3b2f4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 20 0000000075ef16b2 2 bytes JMP 75bb90c4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 31 0000000075ef16bd 2 bytes JMP 75bb8891 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ef1401 2 bytes JMP 75b3b233 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ef1419 2 bytes JMP 75b3b35e C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ef1431 2 bytes JMP 75bb9149 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ef144a 2 bytes CALL 75b14885 C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ef14dd 2 bytes JMP 75bb8a42 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameA + 17 0000000075ef14f5 2 bytes JMP 75bb8c18 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ef150d 2 bytes JMP 75bb8938 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameW + 17 0000000075ef1525 2 bytes JMP 75bb8d02 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ef153d 2 bytes JMP 75b2fcc0 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ef1555 2 bytes JMP 75b36907 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ef156d 2 bytes JMP 75bb9201 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ef1585 2 bytes JMP 75bb8d62 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ef159d 2 bytes JMP 75bb88fc C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ef15b5 2 bytes JMP 75b2fd59 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ef15cd 2 bytes JMP 75b3b2f4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 20 0000000075ef16b2 2 bytes JMP 75bb90c4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 31 0000000075ef16bd 2 bytes JMP 75bb8891 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\vmnat.exe[2844] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 0000000071f813b0 2 bytes JMP 761055d0 C:\Windows\syswow64\SHELL32.dll
    .text C:\Windows\SysWOW64\vmnat.exe[2844] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 0000000071f813c0 2 bytes CALL 75899cee C:\Windows\syswow64\msvcrt.dll
    .text ... * 20
    .text C:\Windows\SysWOW64\vmnat.exe[2844] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 0000000071f8153e 2 bytes CALL 76197364 C:\Windows\syswow64\SHELL32.dll
    .text C:\Windows\SysWOW64\vmnat.exe[2844] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000071f81553 2 bytes CALL 75b110ff C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ef1401 2 bytes JMP 75b3b233 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ef1419 2 bytes JMP 75b3b35e C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ef1431 2 bytes JMP 75bb9149 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ef144a 2 bytes CALL 75b14885 C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ef14dd 2 bytes JMP 75bb8a42 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameA + 17 0000000075ef14f5 2 bytes JMP 75bb8c18 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ef150d 2 bytes JMP 75bb8938 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameW + 17 0000000075ef1525 2 bytes JMP 75bb8d02 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ef153d 2 bytes JMP 75b2fcc0 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ef1555 2 bytes JMP 75b36907 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ef156d 2 bytes JMP 75bb9201 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ef1585 2 bytes JMP 75bb8d62 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ef159d 2 bytes JMP 75bb88fc C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ef15b5 2 bytes JMP 75b2fd59 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ef15cd 2 bytes JMP 75b3b2f4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 20 0000000075ef16b2 2 bytes JMP 75bb90c4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 31 0000000075ef16bd 2 bytes JMP 75bb8891 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077732bdc 5 bytes JMP 000000007427c3d0
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ef1401 2 bytes JMP 75b3b233 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ef1419 2 bytes JMP 75b3b35e C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ef1431 2 bytes JMP 75bb9149 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ef144a 2 bytes CALL 75b14885 C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ef14dd 2 bytes JMP 75bb8a42 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameA + 17 0000000075ef14f5 2 bytes JMP 75bb8c18 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ef150d 2 bytes JMP 75bb8938 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameW + 17 0000000075ef1525 2 bytes JMP 75bb8d02 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ef153d 2 bytes JMP 75b2fcc0 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ef1555 2 bytes JMP 75b36907 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ef156d 2 bytes JMP 75bb9201 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ef1585 2 bytes JMP 75bb8d62 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ef159d 2 bytes JMP 75bb88fc C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ef15b5 2 bytes JMP 75b2fd59 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ef15cd 2 bytes JMP 75b3b2f4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 20 0000000075ef16b2 2 bytes JMP 75bb90c4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 31 0000000075ef16bd 2 bytes JMP 75bb8891 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 00000000779b6131 11 bytes {MOV EAX, 0xfffffffff791baf0; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000779dbfb0 14 bytes {MOV RAX, 0x7fef78762b0; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4950a0 3 bytes JMP 000007fef791cad0
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\system32\SSPICLI.DLL!EncryptMessage + 4 000007fefd4950a4 1 byte [FA]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\system32\SSPICLI.DLL!DecryptMessage 000007fefd4951f4 3 bytes JMP 000007fef791cce0
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5820] C:\Windows\system32\SSPICLI.DLL!DecryptMessage + 4 000007fefd4951f8 1 byte [FA]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThre ad 00000000779dbe00 7 bytes [48, B8, 60, F9, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThre ad + 8 00000000779dbe08 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000779dbf70 7 bytes [48, B8, E0, F9, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000779dbf78 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779dbf90 7 bytes [48, B8, D0, FD, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000779dbf98 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000779dbfa0 7 bytes [48, B8, C0, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000779dbfa8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000779dbfb0 7 bytes [48, B8, 40, F8, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000779dbfb8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000779dbfd0 7 bytes [48, B8, B0, F8, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000779dbfd8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000779dc020 7 bytes [48, B8, 50, FA, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000779dc028 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000779dc030 7 bytes [48, B8, 20, FE, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000779dc038 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000779dc060 7 bytes [48, B8, 40, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000779dc068 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFil e 00000000779dc100 7 bytes [48, B8, 80, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFil e + 8 00000000779dc108 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000779dc280 7 bytes [48, B8, C0, FA, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000779dc288 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000779dccf0 7 bytes [48, B8, 00, FE, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000779dccf8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779dcd40 7 bytes [48, B8, A0, FD, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000779dcd48 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttribute sFile 00000000779dce90 7 bytes [48, B8, A0, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttribute sFile + 8 00000000779dce98 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThre ad 00000000779dbe00 7 bytes [48, B8, 60, F9, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThre ad + 8 00000000779dbe08 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000779dbf70 7 bytes [48, B8, E0, F9, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000779dbf78 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779dbf90 7 bytes [48, B8, D0, FD, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000779dbf98 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000779dbfa0 7 bytes [48, B8, C0, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000779dbfa8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000779dbfb0 7 bytes [48, B8, 40, F8, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000779dbfb8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000779dbfd0 7 bytes [48, B8, B0, F8, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000779dbfd8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000779dc020 7 bytes [48, B8, 50, FA, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000779dc028 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000779dc030 7 bytes [48, B8, 20, FE, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000779dc038 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000779dc060 7 bytes [48, B8, 40, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000779dc068 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFil e 00000000779dc100 7 bytes [48, B8, 80, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFil e + 8 00000000779dc108 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000779dc280 7 bytes [48, B8, C0, FA, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000779dc288 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000779dccf0 7 bytes [48, B8, 00, FE, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000779dccf8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779dcd40 7 bytes [48, B8, A0, FD, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000779dcd48 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttribute sFile 00000000779dce90 7 bytes [48, B8, A0, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttribute sFile + 8 00000000779dce98 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThre ad 00000000779dbe00 7 bytes [48, B8, 60, F9, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThre ad + 8 00000000779dbe08 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000779dbf70 7 bytes [48, B8, E0, F9, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000779dbf78 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000779dbf90 7 bytes [48, B8, D0, FD, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000779dbf98 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000779dbfa0 7 bytes [48, B8, C0, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000779dbfa8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000779dbfb0 7 bytes [48, B8, 40, F8, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000779dbfb8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000779dbfd0 7 bytes [48, B8, B0, F8, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000779dbfd8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000779dc020 7 bytes [48, B8, 50, FA, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000779dc028 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000779dc030 7 bytes [48, B8, 20, FE, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000779dc038 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000779dc060 7 bytes [48, B8, 40, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000779dc068 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFil e 00000000779dc100 7 bytes [48, B8, 80, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFil e + 8 00000000779dc108 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000779dc280 7 bytes [48, B8, C0, FA, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000779dc288 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000779dccf0 7 bytes [48, B8, 00, FE, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000779dccf8 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779dcd40 7 bytes [48, B8, A0, FD, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000779dcd48 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000779dce90 7 bytes [48, B8, A0, FB, D1, 3F, 01]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000779dce98 6 bytes {ADD [RAX], AL; JMP RAX}
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002f441afc 2 bytes [44, 2F]
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075b18769 5 bytes JMP 000000006a7454c9
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075caa00a 5 bytes JMP 000000006b2084c4
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000774d3f20 5 bytes JMP 000000006a77b0c2
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000774d3f8a 5 bytes JMP 000000006a77102b
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000774d47ba 5 bytes JMP 000000006a7d18a6
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5952] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000774d5d66 5 bytes JMP 000000006a7af843


    ---- User IAT/EAT - GMER 2.2 ----


    IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fedae56490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
    IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedae55ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
    IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedae56470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
    IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fedae566e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
    IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6012] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed9f92730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
    IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fedae56490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
    IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedae55ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
    IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedae56470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
    IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fedae566e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
    IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5500] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed9f92730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll


    ---- Threads - GMER 2.2 ----


    Thread C:\Windows\System32\svchost.exe [160:776] 000007fee16f14a0
    Thread C:\Windows\System32\svchost.exe [160:4856] 000007fee83ca2b0
    Thread C:\Windows\System32\svchost.exe [160:1852] 000007fee9f744d0
    Thread C:\Windows\System32\svchost.exe [160:1908] 000007feeac789a8
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:5596] 00000000011f348c
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:5616] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:5620] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:5624] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:5628] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4008] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:3392] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4708] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:2804] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:2756] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:2984] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:716] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4476] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:740] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:2600] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:912] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4496] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4504] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4508] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4436] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4484] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4396] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4456] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4472] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4368] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4012] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4452] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4320] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:1316] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4380] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4388] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4332] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4500] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4372] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4284] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:3400] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4400] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4424] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4268] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4276] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4336] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4316] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4448] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4252] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4264] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4464] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4488] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4492] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4344] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4468] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4356] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4292] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4416] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4304] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4288] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4272] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4364] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4404] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4420] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:1336] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4296] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4348] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4440] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4328] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4360] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4308] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:1888] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:4432] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:1896] 000000000120d0b5
    Thread C:\Windows\SysWOW64\ntdll.dll [5592:2620] 000000000120d0b5
    Thread C:\Windows\System32\svchost.exe [3804:4280] 000007fef6129688


    ---- EOF - GMER 2.2 ----

  3. #3
    Spyware Slayer   Rosty's avatar
    Registered
    19 May 2005
    Location
    Zandvliet/ Ledegem
    Posts
    4,180
    Thanks given
    1,109
    Thanked
    2,640 times in 1,711 posts
    Download AdwCleaner by MalwareBytes to the desktop.
    • Close all open windows.
    • Double-click AdwCleaner to start it.
    • Windows Vista, 7 and 8 users must run the tool as "administrator",
    • by right-clicking it and choosing Run as administrator.
    • Then click Scan.
    • Then click Clean if any items were found.
    • At Restart Required, click OK.


    After the PC has restarted, a log file usually opens.
    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[S0].txt

  4. #4
    PC-Freak   salmax's avatar
    Registered
    4 February 2008
    Location
    Greece on the North Sea
    Posts
    1,800
    Thanks given
    8,647
    Thanked
    2,637 times in 1,640 posts
    I suspect this one can be closed.
