GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-29 22:25:06 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\0000005d TOSHIBA_ rev.MS2O 931,51GB Running: xedlduyx.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\axdiypow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3132] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d1bb2 5 bytes JMP 00000000002e8c60 .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c61401 2 bytes JMP 7528eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c61419 2 bytes JMP 7529b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c61431 2 bytes JMP 75318609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c6144a 2 bytes CALL 75271dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c614dd 2 bytes JMP 75317efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c614f5 2 bytes JMP 753180d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c6150d 2 bytes JMP 75317df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c61525 2 bytes JMP 753181c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c6153d 2 bytes JMP 7528f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c61555 2 bytes JMP 7529b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c6156d 2 bytes JMP 753186c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c61585 2 bytes JMP 75318222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c6159d 2 bytes JMP 75317db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c615b5 2 bytes JMP 7528f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c615cd 2 bytes JMP 7529b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c616b2 2 bytes JMP 75318584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c616bd 2 bytes JMP 75317d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076dc0130 14 bytes {MOV RAX, 0x7feed3e30f0; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076dbff80 7 bytes [48, B8, 68, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076dbff88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076dc00f0 7 bytes [48, B8, C0, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076dc00f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076dc0110 7 bytes [48, B8, 3C, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076dc0118 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076dc0120 7 bytes [48, B8, 3C, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076dc0128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076dc0130 7 bytes [48, B8, 48, F2, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076dc0138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076dc0150 7 bytes [48, B8, 8C, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076dc0158 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076dc01a0 7 bytes [48, B8, E4, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076dc01a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076dc01b0 7 bytes [48, B8, 78, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076dc01b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076dc01e0 7 bytes [48, B8, CC, F2, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076dc01e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076dc0280 7 bytes [48, B8, 14, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076dc0288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076dc0400 7 bytes [48, B8, 90, F1, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076dc0408 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076dc0e70 7 bytes [48, B8, 60, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076dc0e78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076dc0ec0 7 bytes [48, B8, 9C, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076dc0ec8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076dc1010 7 bytes [48, B8, 28, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076dc1018 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076dbff80 7 bytes [48, B8, 68, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076dbff88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076dc00f0 7 bytes [48, B8, C0, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076dc00f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076dc0110 7 bytes [48, B8, 3C, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076dc0118 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076dc0120 7 bytes [48, B8, 3C, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076dc0128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076dc0130 7 bytes [48, B8, 48, F2, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076dc0138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076dc0150 7 bytes [48, B8, 8C, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076dc0158 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076dc01a0 7 bytes [48, B8, E4, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076dc01a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076dc01b0 7 bytes [48, B8, 78, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076dc01b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076dc01e0 7 bytes [48, B8, CC, F2, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076dc01e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076dc0280 7 bytes [48, B8, 14, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076dc0288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076dc0400 7 bytes [48, B8, 90, F1, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076dc0408 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076dc0e70 7 bytes [48, B8, 60, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076dc0e78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076dc0ec0 7 bytes [48, B8, 9C, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076dc0ec8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076dc1010 7 bytes [48, B8, 28, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076dc1018 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076dbff80 7 bytes [48, B8, 68, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076dbff88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076dc00f0 7 bytes [48, B8, C0, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076dc00f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076dc0110 7 bytes [48, B8, 3C, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076dc0118 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076dc0120 7 bytes [48, B8, 3C, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076dc0128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076dc0130 7 bytes [48, B8, 48, F2, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076dc0138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076dc0150 7 bytes [48, B8, 8C, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076dc0158 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076dc01a0 7 bytes [48, B8, E4, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076dc01a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076dc01b0 7 bytes [48, B8, 78, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076dc01b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076dc01e0 7 bytes [48, B8, CC, F2, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076dc01e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076dc0280 7 bytes [48, B8, 14, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076dc0288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076dc0400 7 bytes [48, B8, 90, F1, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076dc0408 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076dc0e70 7 bytes [48, B8, 60, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076dc0e78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076dc0ec0 7 bytes [48, B8, 9C, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076dc0ec8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076dc1010 7 bytes [48, B8, 28, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076dc1018 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076dbff80 7 bytes [48, B8, 68, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076dbff88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076dc00f0 7 bytes [48, B8, C0, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076dc00f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076dc0110 7 bytes [48, B8, 3C, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076dc0118 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076dc0120 7 bytes [48, B8, 3C, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076dc0128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076dc0130 7 bytes [48, B8, 48, F2, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076dc0138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076dc0150 7 bytes [48, B8, 8C, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076dc0158 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076dc01a0 7 bytes [48, B8, E4, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076dc01a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076dc01b0 7 bytes [48, B8, 78, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076dc01b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076dc01e0 7 bytes [48, B8, CC, F2, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076dc01e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076dc0280 7 bytes [48, B8, 14, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076dc0288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076dc0400 7 bytes [48, B8, 90, F1, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076dc0408 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076dc0e70 7 bytes [48, B8, 60, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076dc0e78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076dc0ec0 7 bytes [48, B8, 9C, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076dc0ec8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076dc1010 7 bytes [48, B8, 28, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076dc1018 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076dbff80 7 bytes [48, B8, 68, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000076dbff88 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000076dc00f0 7 bytes [48, B8, C0, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000076dc00f8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076dc0110 7 bytes [48, B8, 3C, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076dc0118 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000076dc0120 7 bytes [48, B8, 3C, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000076dc0128 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076dc0130 7 bytes [48, B8, 48, F2, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076dc0138 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076dc0150 7 bytes [48, B8, 8C, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076dc0158 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000076dc01a0 7 bytes [48, B8, E4, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000076dc01a8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000076dc01b0 7 bytes [48, B8, 78, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000076dc01b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076dc01e0 7 bytes [48, B8, CC, F2, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000076dc01e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000076dc0280 7 bytes [48, B8, 14, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000076dc0288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076dc0400 7 bytes [48, B8, 90, F1, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076dc0408 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000076dc0e70 7 bytes [48, B8, 60, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000076dc0e78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076dc0ec0 7 bytes [48, B8, 9C, F3, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000076dc0ec8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076dc1010 7 bytes [48, B8, 28, F4, 70, 3F, 01] .text C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000076dc1018 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee3115fc4] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee3116868] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee3116ca4] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee3116880] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1072] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee3116860] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee3115fc4] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee3116868] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee3116ca4] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee3116880] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[4748] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee3116860] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee3115fc4] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee3116868] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee3116ca4] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee3116880] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[1236] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee3116860] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee3115fc4] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee3116868] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee3116ca4] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee3116880] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll IAT C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe[2732] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee3116860] C:\Users\Dominik\AppData\Local\Google\Chrome\Application\52.0.2743.116\chrome_child.dll ---- EOF - GMER 2.2 ----