Slow browsers, programs start slowly, mbam freezes and cannot download certain virus software


    Dear moderators,

    Something on my computer is making my browser (FF) slow. In addition, I cannot get mbam to run: it hangs in the heuristic analysis, and when I then try to cancel it, it freezes; the whole PC freezes. So I cannot provide you with the requested mbam log, and defogger cannot be downloaded either, it cannot find the server; the same goes for Adwarecleaner. I also cannot show you a dds.txt log, because it shows an error message, something about compatibility, "DDS in not ment to run in compability mode", so the only log I can offer you is the Gmer log, which I will post below. Thanks in advance for your help. I have to post the Gmer log in several parts.


    Gmer log 1:

    GMER 2.2.19882 - http://www.gmer.net
    Rootkit scan 2017-01-23 09:42:58
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000026 ST3320418AS rev.HP35 298,09GB
    Running: iezmlqvh.exe; Driver: C:\Users\Ralph\AppData\Local\Temp\fxldapog.sys


    ---- User code sections - GMER 2.2 ----

    .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\win32u.dll!NtUserSetLayeredWindowAttributes 00007ffab2809650 5 bytes JMP 00007ffab28200c8
    .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\dwmapi.dll!DwmUpdateThumbnailProperties 00007ffaaf6e4580 5 bytes JMP 00007ffaafd200c8
    ? C:\WINDOWS\SYSTEM32\wship6.dll [1280] entry point in ".rdata" section 0000000072582470
    .text C:\Windows\System32\WUDFHost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa7eba0e55
    .text C:\Windows\System32\WUDFHost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa7eba0fd8
    .text C:\Windows\System32\WUDFHost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa7eba0f96
    .text C:\Windows\System32\WUDFHost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa7eba0f56
    .text C:\Windows\System32\WUDFHost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa7eba0ed6
    .text C:\Windows\System32\WUDFHost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa7eba0e96
    .text C:\Windows\System32\WUDFHost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa7eba0f16
    .text C:\Windows\System32\WUDFHost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa7eba0e16
    .text C:\WINDOWS\system32\svchost.exe[1476] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa99c80e55
    .text C:\WINDOWS\system32\svchost.exe[1476] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa99c80fd8
    .text C:\WINDOWS\system32\svchost.exe[1476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa99c80f96
    .text C:\WINDOWS\system32\svchost.exe[1476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa99c80f56
    .text C:\WINDOWS\system32\svchost.exe[1476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa99c80ed6
    .text C:\WINDOWS\system32\svchost.exe[1476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa99c80e96
    .text C:\WINDOWS\system32\svchost.exe[1476] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa99c80f16
    .text C:\WINDOWS\system32\svchost.exe[1476] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa99c80e16
    .text C:\WINDOWS\System32\svchost.exe[1616] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa83af0e55
    .text C:\WINDOWS\System32\svchost.exe[1616] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa83af0fd8
    .text C:\WINDOWS\System32\svchost.exe[1616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa83af0f96
    .text C:\WINDOWS\System32\svchost.exe[1616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa83af0f56
    .text C:\WINDOWS\System32\svchost.exe[1616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa83af0ed6
    .text C:\WINDOWS\System32\svchost.exe[1616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa83af0e96
    .text C:\WINDOWS\System32\svchost.exe[1616] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa83af0f16
    .text C:\WINDOWS\System32\svchost.exe[1616] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa83af0e16
    .text C:\WINDOWS\System32\svchost.exe[1828] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa8def0e55
    .text C:\WINDOWS\System32\svchost.exe[1828] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa8def0fd8
    .text C:\WINDOWS\System32\svchost.exe[1828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa8def0f96
    .text C:\WINDOWS\System32\svchost.exe[1828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa8def0f56
    .text C:\WINDOWS\System32\svchost.exe[1828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa8def0ed6
    .text C:\WINDOWS\System32\svchost.exe[1828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa8def0e96
    .text C:\WINDOWS\System32\svchost.exe[1828] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa8def0f16
    .text C:\WINDOWS\System32\svchost.exe[1828] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa8def0e16
    .text C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa824c0e55
    .text C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa824c0fd8
    .text C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa824c0f96
    .text C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa824c0f56
    .text C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa824c0ed6
    .text C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa824c0e96
    .text C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa824c0f16
    .text C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe[1936] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa824c0e16
    .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa88510e55
    .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa88510fd8
    .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa88510f96
    .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa88510f56
    .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa88510ed6
    .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa88510e96
    .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa88510f16
    .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[2020] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa88510e16
    ? C:\WINDOWS\SYSTEM32\iertutil.dll [1680] entry point in ".rdata" section 0000000073cf1590
    ? C:\WINDOWS\SYSTEM32\dbgcore.DLL [1680] entry point in ".rdata" section 00000000737cc940
    ? C:\WINDOWS\system32\apphelp.dll [1680] entry point in ".rdata" section 000000006f66f7c0
    ? C:\WINDOWS\system32\wbem\wbemsvc.dll [1680] entry point in ".rdata" section 0000000072938fc0
    .text C:\WINDOWS\system32\svchost.exe[1692] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffaae000e55
    .text C:\WINDOWS\system32\svchost.exe[1692] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffaae000fd8
    .text C:\WINDOWS\system32\svchost.exe[1692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffaae000f96
    .text C:\WINDOWS\system32\svchost.exe[1692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffaae000f56
    .text C:\WINDOWS\system32\svchost.exe[1692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffaae000ed6
    .text C:\WINDOWS\system32\svchost.exe[1692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffaae000e96
    .text C:\WINDOWS\system32\svchost.exe[1692] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffaae000f16
    .text C:\WINDOWS\system32\svchost.exe[1692] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffaae000e16
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2016] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa77130e55
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2016] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa77130fd8
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa77130f96
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa77130f56
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa77130ed6
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa77130e96
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa77130f16
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2016] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa77130e16
    .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2016] C:\WINDOWS\System32\win32u.dll!NtUserSetLayeredWindowAttributes 00007ffab2809650 5 bytes JMP 00007ffab28200c8
    .text C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe[2224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa7aba0e55
    .text C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe[2224] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa7aba0fd8
    .text C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe[2224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa7aba0f96
    .text C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe[2224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa7aba0f56
    .text C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe[2224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa7aba0ed6
    .text C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe[2224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa7aba0e96
    .text C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe[2224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa7aba0f16
    .text C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe[2224] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa7aba0e16
    .text C:\WINDOWS\System32\svchost.exe[2252] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa95c60e55
    .text C:\WINDOWS\System32\svchost.exe[2252] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa95c60fd8
    .text C:\WINDOWS\System32\svchost.exe[2252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa95c60f96
    .text C:\WINDOWS\System32\svchost.exe[2252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa95c60f56
    .text C:\WINDOWS\System32\svchost.exe[2252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa95c60ed6
    .text C:\WINDOWS\System32\svchost.exe[2252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa95c60e96
    .text C:\WINDOWS\System32\svchost.exe[2252] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa95c60f16
    .text C:\WINDOWS\System32\svchost.exe[2252] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa95c60e16
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa91960e55
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa91960fd8
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa91960f96
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa91960f56
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa91960ed6
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa91960e96
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa91960f16
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa91960e16
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffab339e300 5 bytes JMP 00007ffa91960d18
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffab339e430 5 bytes JMP 00007ffa91960cd8
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffab339e8b0 5 bytes JMP 00007ffa91960d98
    .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2352] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffab33a4840 5 bytes JMP 00007ffa91960d54
    .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2360] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffab1910e55
    .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2360] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffab1910fd8
    .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2360] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffab1910f96
    .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2360] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffab1910f56
    .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2360] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffab1910ed6
    .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2360] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffab1910e96
    .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2360] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffab1910f16
    .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2360] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffab1910e16
    .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[2376] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa9dfa0e55
    .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[2376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa9dfa0fd8
    .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[2376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa9dfa0f96
    .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[2376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa9dfa0f56
    .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[2376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa9dfa0ed6
    .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[2376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa9dfa0e96
    .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[2376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa9dfa0f16
    .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[2376] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa9dfa0e16
    .text C:\WINDOWS\system32\svchost.exe[2484] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa92290e55
    .text C:\WINDOWS\system32\svchost.exe[2484] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa92290fd8
    .text C:\WINDOWS\system32\svchost.exe[2484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa92290f96
    .text C:\WINDOWS\system32\svchost.exe[2484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa92290f56
    .text C:\WINDOWS\system32\svchost.exe[2484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa92290ed6
    .text C:\WINDOWS\system32\svchost.exe[2484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa92290e96
    .text C:\WINDOWS\system32\svchost.exe[2484] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa92290f16
    .text C:\WINDOWS\system32\svchost.exe[2484] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa92290e16
    ? C:\WINDOWS\system32\wbem\wbemsvc.dll [2500] entry point in ".rdata" section 0000000072938fc0
    .text C:\WINDOWS\System32\svchost.exe[2968] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa99710e55
    .text C:\WINDOWS\System32\svchost.exe[2968] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa99710fd8
    .text C:\WINDOWS\System32\svchost.exe[2968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa99710f96
    .text C:\WINDOWS\System32\svchost.exe[2968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa99710f56
    .text C:\WINDOWS\System32\svchost.exe[2968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa99710ed6
    .text C:\WINDOWS\System32\svchost.exe[2968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa99710e96
    .text C:\WINDOWS\System32\svchost.exe[2968] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa99710f16
    .text C:\WINDOWS\System32\svchost.exe[2968] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa99710e16
    .text C:\WINDOWS\system32\svchost.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa9b6d0e55
    .text C:\WINDOWS\system32\svchost.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa9b6d0fd8
    .text C:\WINDOWS\system32\svchost.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa9b6d0f96
    .text C:\WINDOWS\system32\svchost.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa9b6d0f56
    .text C:\WINDOWS\system32\svchost.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP

  • #2
    Gmer log 2:

    00007ffa9b6d0ed6
    .text C:\WINDOWS\system32\svchost.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa9b6d0e96
    .text C:\WINDOWS\system32\svchost.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa9b6d0f16
    .text C:\WINDOWS\system32\svchost.exe[3548] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa9b6d0e16
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa9c100e55
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa9c100fd8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa9c100f96
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa9c100f56
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa9c100ed6
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa9c100e96
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa9c100f16
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa9c100e16
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!GetWindowRect 00007ffab33936c0 5 bytes JMP 00007ffab4dc00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!GetWindow 00007ffab3397b90 5 bytes JMP 00007ffab4d800c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!EnumWindows 00007ffab3398ca0 5 bytes JMP 00007ffab4d900c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffab339e300 5 bytes JMP 00007ffa9c100d18
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffab339e430 5 bytes JMP 00007ffa9c100cd8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffab339e8b0 5 bytes JMP 00007ffa9c100d98
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffab33a4840 5 bytes JMP 00007ffa9c100d54
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!DeferWindowPos 00007ffab33a7850 5 bytes JMP 00007ffab4ff00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!BeginPaint 00007ffab33b3410 5 bytes JMP 00007ffab4db00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!EndPaint 00007ffab33b36e0 5 bytes JMP 00007ffab4da00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!GetWindowPlacement 00007ffab33b3b40 5 bytes JMP 00007ffab4fd00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!MoveWindow 00007ffab33b3d80 5 bytes JMP 00007ffab4de00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!SetWindowPlacement 00007ffab33b4220 5 bytes JMP 00007ffab4fe00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\USER32.dll!SetWindowPos 00007ffab33b4230 5 bytes JMP 00007ffab4dd00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\System32\win32u.dll!NtUserSetLayeredWindowAttributes 00007ffab2809650 5 bytes JMP 00007ffab28200c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!DrawThemeEdge 00007ffaafe81a40 5 bytes JMP 00007ffab01d00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!GetThemeEnumValue 00007ffaafe82520 5 bytes JMP 00007ffab01500c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!GetThemeBitmap 00007ffaafe825c0 5 bytes JMP 00007ffab00400c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!BeginBufferedPaint 00007ffaafe83c40 5 bytes JMP 00007ffaaff200c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!GetThemeColor 00007ffaafe83db0 5 bytes JMP 00007ffaaff400c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!GetThemeBool 00007ffaafe83f00 5 bytes JMP 00007ffab00300c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!DrawThemeTextEx 00007ffaafe875e0 5 bytes JMP 00007ffab00600c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!GetThemeMargins 00007ffaafe878f0 5 bytes JMP 00007ffab00000c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!OpenThemeData 00007ffaafe87f80 5 bytes JMP 00007ffaaff700c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!CloseThemeData 00007ffaafe88610 5 bytes JMP 00007ffaafff00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!IsThemePartDefined 00007ffaafe89f80 5 bytes JMP 00007ffaaffe00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!GetThemeBackgroundContentRect 00007ffaafe8a2e0 5 bytes JMP 00007ffab00a00c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!GetThemePartSize 00007ffaafe8a500 5 bytes JMP 00007ffab00100c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!IsThemeBackgroundPartiallyTransparent 00007ffaafe8a6c0 5 bytes JMP 00007ffab00800c8
    .text C:\Program Files\ESET\ESET Internet Security\egui.exe[3728] C:\WINDOWS\SYSTEM32\uxtheme.dll!DrawThemeBackground 00007ffaafe8c2d0 5 bytes JMP 00007ffaaff600c8



    • #3
      Gmer-log 3:

      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeColor 00007ffaafe83db0 5 bytes JMP 00007ffaaff500c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeBool 00007ffaafe83f00 5 bytes JMP 00007ffab00500c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!EndBufferedPaint 00007ffaafe84560 5 bytes JMP 00007ffaaff200c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!DrawThemeTextEx 00007ffaafe875e0 5 bytes JMP 00007ffab00800c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeMargins 00007ffaafe878f0 5 bytes JMP 00007ffab00200c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!OpenThemeData 00007ffaafe87f80 5 bytes JMP 00007ffaaff900c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!CloseThemeData 00007ffaafe88610 5 bytes JMP 00007ffab00100c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!IsThemePartDefined 00007ffaafe89f80 5 bytes JMP 00007ffab00000c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeBackgroundContentRect 00007ffaafe8a2e0 5 bytes JMP 00007ffab00c00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemePartSize 00007ffaafe8a500 5 bytes JMP 00007ffab00300c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!IsThemeBackgroundPartiallyTransparent 00007ffaafe8a6c0 5 bytes JMP 00007ffab00a00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!DrawThemeBackground 00007ffaafe8c2d0 5 bytes JMP 00007ffaaff800c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetCurrentThemeName 00007ffaafe9a330 5 bytes JMP 00007ffaaffe00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!IsAppThemed 00007ffaafe9b760 5 bytes JMP 00007ffaaffb00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!IsThemeActive 00007ffaafe9b790 5 bytes JMP 00007ffaaffc00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeTextExtent 00007ffaafe9ca80 5 bytes JMP 00007ffab00b00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeFont 00007ffaafe9cd20 5 bytes JMP 00007ffab01800c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!IsCompositionActive 00007ffaafe9ced0 5 bytes JMP 00007ffaafff00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!DrawThemeBackgroundEx 00007ffaafe9d160 5 bytes JMP 00007ffaaff400c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeBackgroundExtent 00007ffaafe9d3e0 5 bytes JMP 00007ffab00d00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeMetric 00007ffaafe9d830 5 bytes JMP 00007ffab01400c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!DrawThemeText 00007ffaafe9d8d0 5 bytes JMP 00007ffab00700c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeTextMetrics 00007ffaafe9e0b0 5 bytes JMP 00007ffab01100c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeBackgroundRegion 00007ffaafe9ea40 5 bytes JMP 00007ffab01200c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetWindowTheme 00007ffaafe9ec10 5 bytes JMP 00007ffab00f00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeAppProperties 00007ffaafe9ec80 5 bytes JMP 00007ffab01000c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeTransitionDuration 00007ffaafe9ed00 5 bytes JMP 00007ffab00900c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemePosition 00007ffaafe9f0f0 5 bytes JMP 00007ffab01600c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!HitTestThemeBackground 00007ffaafe9fd90 5 bytes JMP 00007ffab01300c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeStream 00007ffaafea2840 5 bytes JMP 00007ffaaffd00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeRect 00007ffaafea2900 5 bytes JMP 00007ffab00400c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!DrawThemeIcon 00007ffaafecaab0 5 bytes JMP 00007ffab00e00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeDocumentationProperty 00007ffaafecb580 5 bytes JMP 00007ffab03700c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeFilename 00007ffaafecb640 5 bytes JMP 00007ffab01900c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeIntList 00007ffaafecb710 5 bytes JMP 00007ffab03200c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemePropertyOrigin 00007ffaafecb810 5 bytes JMP 00007ffab03300c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeString 00007ffaafecb8c0 5 bytes JMP 00007ffab01500c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeSysBool 00007ffaafecb980 5 bytes JMP 00007ffab01d00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeSysColor 00007ffaafecba40 5 bytes JMP 00007ffab01a00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeSysColorBrush 00007ffaafecbb10 5 bytes JMP 00007ffab01b00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeSysFont 00007ffaafecbbe0 5 bytes JMP 00007ffab03400c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeSysInt 00007ffaafecbed0 5 bytes JMP 00007ffab03500c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeSysSize 00007ffaafecbf70 5 bytes JMP 00007ffab01c00c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!GetThemeSysString 00007ffaafecc030 5 bytes JMP 00007ffab03000c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!OpenThemeDataEx 00007ffaafecc290 5 bytes JMP 00007ffaaff700c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\UxTheme.dll!SetThemeAppProperties 00007ffaafecc740 5 bytes JMP 00007ffab03600c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\dwmapi.dll!DwmGetWindowAttribute 00007ffaaf6e1400 2 bytes JMP 00007ffaaf7400c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\dwmapi.dll!DwmGetWindowAttribute + 3 00007ffaaf6e1403 2 bytes [05, 00]
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\dwmapi.dll!DwmSetWindowAttribute 00007ffaaf6e1e10 5 bytes JMP 00007ffaaf7300c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\dwmapi.dll!DwmFlush + 144 00007ffaaf6e20c0 5 bytes JMP 00007ffaaf7100c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\dwmapi.dll!DwmExtendFrameIntoClientArea 00007ffaaf6e2200 4 bytes JMP 00007ffaaf7200c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\dwmapi.dll!DwmDefWindowProc 00007ffaaf6e2ad0 5 bytes JMP 00007ffaaf7700c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\dwmapi.dll!DwmIsCompositionEnabled 00007ffaaf6e37c0 5 bytes JMP 00007ffaaf7600c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\dwmapi.dll!DwmEnableBlurBehindWindow 00007ffaaf6e4c80 5 bytes JMP 00007ffaaf7500c8
      .text C:\WINDOWS\Explorer.EXE[4104] C:\WINDOWS\SYSTEM32\Dcomp.dll!DCompositionCreateDevice3 00007ffaaf838180 5 bytes JMP 00007ffaaf9500c8
      .text C:\WINDOWS\system32\SearchIndexer.exe[4644] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa981e0e55
      .text C:\WINDOWS\system32\SearchIndexer.exe[4644] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa981e0fd8
      .text C:\WINDOWS\system32\SearchIndexer.exe[4644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa981e0f96
      .text C:\WINDOWS\system32\SearchIndexer.exe[4644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa981e0f56
      .text C:\WINDOWS\system32\SearchIndexer.exe[4644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa981e0ed6
      .text C:\WINDOWS\system32\SearchIndexer.exe[4644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa981e0e96
      .text C:\WINDOWS\system32\SearchIndexer.exe[4644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa981e0f16
      .text C:\WINDOWS\system32\SearchIndexer.exe[4644] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa981e0e16
      .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4668] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa843d0e55
      .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4668] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa843d0fd8
      .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa843d0f96
      .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa843d0f56
      .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffa843d0ed6
      .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffa843d0e96
      .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffa843d0f16
      .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4668] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffa843d0e16
      .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4668] C:\WINDOWS\System32\win32u.dll!NtUserSetLayeredWindowAttributes 00007ffab2809650 5 bytes JMP 00007ffab28200c8
      .text C:\WINDOWS\system32\dashost.exe[4908] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffaad740e55
      .text C:\WINDOWS\system32\dashost.exe[4908] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffaad740fd8
      .text C:\WINDOWS\system32\dashost.exe[4908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffaad740f96
      .text C:\WINDOWS\system32\dashost.exe[4908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffaad740f56
      .text C:\WINDOWS\system32\dashost.exe[4908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP 00007ffaad740ed6
      .text C:\WINDOWS\system32\dashost.exe[4908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffab5336600 5 bytes JMP 00007ffaad740e96
      .text C:\WINDOWS\system32\dashost.exe[4908] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffab5336ac0 5 bytes JMP 00007ffaad740f16
      .text C:\WINDOWS\system32\dashost.exe[4908] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher 00007ffab5339c80 5 bytes JMP 00007ffaad740e16
      .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffab5299e70 5 bytes JMP 00007ffa7c6d0e55
      .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback 00007ffab5301b20 5 bytes JMP 00007ffa7c6d0fd8
      .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffab53363c0 5 bytes JMP 00007ffa7c6d0f96
      .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00007ffab5336480 5 bytes JMP 00007ffa7c6d0f56
      .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffab53365c0 5 bytes JMP



      • #4
        Gmer-log 4:

        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\system32\UIRibbon.dll[USER32.dll!FillRect] [7ff66039888] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\system32\UIRibbon.dll[USER32.dll!DrawTextW] [7ff6603ac30] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\system32\UIRibbon.dll[USER32.dll!GetWindowDC] [7ff66033e04] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_72fe05dd211a5f ae\gdiplus.dll[USER32.dll!LoadImageW] [7ff6601f02c] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_72fe05dd211a5f ae\gdiplus.dll[USER32.dll!WindowFromDC] [7ff6601ccc8] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_72fe05dd211a5f ae\gdiplus.dll[GDI32.dll!GetRandomRgn] [7ff6601c918] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\System32\MSCTF.dll[USER32.dll!LoadImageW] [7ff6601f02c] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\comctl32.dll[USER32.dll!GetWindowDC] [7ff66033e04] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\comctl32.dll[USER32.dll!LoadImageW] [7ff6601f02c] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\SYSTEM32\SndVolSSO.DLL[USER32.dll!LoadImageW] [7ff6601f02c] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\system32\explorerframe.dll[USER32.dll!SetWindowPlacement] [666019b0] C:\Program Files (x86)\Stardock\WindowBlinds\wbhelp64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\Windows\System32\TwinUI.dll[USER32.dll!SetWindowPlacement] [666019b0] C:\Program Files (x86)\Stardock\WindowBlinds\wbhelp64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\Users\Ralph\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\MSVCR120.dll[KERNEL32.dll!LoadLibraryExA] [7ff660362e4] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\Users\Ralph\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\MSVCR120.dll[KERNEL32.dll!LoadLibraryW] [7ff66036418] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL[KERNEL32.dll!LoadLibraryExA] [7ff660362e4] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL[KERNEL32.dll!LoadLibraryW] [7ff66036418] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\SYSTEM32\MSVCP140.dll[KERNEL32.dll!LoadLibraryExA] [7ff660362e4] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\System32\cscui.dll[USER32.dll!LoadImageW] [7ff6601f02c] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\System32\cscui.dll[USER32.dll!GetWindowDC] [7ff66033e04] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\system32\stobject.dll[USER32.dll!LoadImageW] [7ff6601f02c] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\Windows\System32\InputSwitch.dll[USER32.dll!LoadImageW] [7ff6601f02c] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\system32\dxp.dll[USER32.dll!WindowFromDC] [7ff6601ccc8] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\WINDOWS\Explorer.EXE[4104] @ C:\WINDOWS\system32\SHDOCVW.dll[USER32.dll!GetWindowDC] [7ff66033e04] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
        IAT C:\Program Files\Mozilla Firefox\firefox.exe[6408] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!LdrLoadDll] [7ffa8ded3130] C:\Program Files\ESET\ESET Internet Security\eplgFirefox.dll
        IAT C:\Program Files\Mozilla Firefox\firefox.exe[6408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!LdrLoadDll] [7ffa8ded3130] C:\Program Files\ESET\ESET Internet Security\eplgFirefox.dll
        IAT C:\Program Files\Mozilla Firefox\firefox.exe[6408] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!GetWindowDC] [7ff66033e04] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll



        • #5
          Gmer-log 5:

          IAT C:\Program Files\Mozilla Firefox\firefox.exe[6408] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[GDI32.dll!GetRandomRgn] [7ff6601c918] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
          IAT C:\Program Files\Mozilla Firefox\firefox.exe[6408] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[USER32.dll!GetWindowDC] [7ff66033e04] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
          IAT C:\Program Files\Mozilla Firefox\firefox.exe[6408] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[USER32.dll!WindowFromDC] [7ff6601ccc8] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll
          IAT C:\Program Files\Mozilla Firefox\firefox.exe[6408] @ C:\WINDOWS\system32\explorerframe.dll[USER32.dll!SetWindowPlacement] [666019b0] C:\Program Files (x86)\Stardock\WindowBlinds\wbhelp64.dll
          IAT C:\Program Files\Mozilla Firefox\firefox.exe[6408] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\comctl32.dll[USER32.dll!GetWindowDC] [7ff66033e04] C:\Program Files (x86)\Stardock\WindowBlinds\WBLIND64.dll

          ---- Threads - GMER 2.2 ----

          Thread C:\WINDOWS\system32\csrss.exe [684:732] ffffcfb363fa6c20

          ---- Registry - GMER 2.2 ----


          ---- EOF - GMER 2.2 ----



          • #6
            Dear moderator,

            I have now been able to download Defogger after all and have done what you asked. DDS still gives the same error message, so I cannot help you with that. I was, however, able to make an Adware log; it showed no threats, though, which is probably because earlier today, before I made the post, I did have about 7 threats and those have been removed. I will still add this log below. I do not dare to start an MBAM scan; I have the premium version and I already reinstalled it earlier today, and then it hung and the whole PC with it. I have also noticed that e-mails sent to me at 13:30 did not arrive at that time; I only receive them much later. Sorry if I am making things confusing this way; I will now simply wait for your reply.

            Adware log:

            # AdwCleaner v6.042 - Logfile created 23/01/2017 at 17:18:14
            # Updated on 06/01/2017 by Malwarebytes
            # Database : 2017-01-23.1 [Server]
            # Operating System : Windows 10 Pro (X64)
            # Username : Ralph - PC-R
            # Running from : C:\Users\Ralph\Desktop\AdwCleaner.exe
            # Mode: Scan
            # Support : https://www.malwarebytes.com/support



            ***** [ Services ] *****

            No malicious services found.


            ***** [ Folders ] *****

            No malicious folders found.


            ***** [ Files ] *****

            No malicious files found.


            ***** [ DLL ] *****

            No malicious DLLs found.


            ***** [ WMI ] *****

            No malicious keys found.


            ***** [ Shortcuts ] *****

            No infected shortcut found.


            ***** [ Scheduled Tasks ] *****

            No malicious task found.


            ***** [ Registry ] *****

            No malicious registry entries found.


            ***** [ Web browsers ] *****

            No malicious Firefox based browser items found.
            No malicious Chromium based browser items found.

            *************************

            C:\AdwCleaner\AdwCleaner[C0].txt - [1428 Bytes] - [25/08/2016 23:50:20]
            C:\AdwCleaner\AdwCleaner[C2].txt - [1684 Bytes] - [23/01/2017 06:16:40]
            C:\AdwCleaner\AdwCleaner[S0].txt - [1678 Bytes] - [25/08/2016 23:48:37]
            C:\AdwCleaner\AdwCleaner[S1].txt - [1729 Bytes] - [23/01/2017 06:14:09]
            C:\AdwCleaner\AdwCleaner[S2].txt - [1271 Bytes] - [23/01/2017 17:18:14]

            ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1344 Bytes] ##########



            • #7
              Dear moderator,

              I have not been helped yet, but I am nevertheless keeping you informed of developments so that my problems are passed on to you as they currently stand. The following happened: this morning I wanted to log in to my Outlook account and discovered that this no longer worked. I then reported that I had forgotten my password (I could not choose any other option). I therefore had a code sent to another e-mail address, and I received it, but what struck me, of course, was that the code was for a completely different e-mail address. This was displayed the way Outlook displays it, as you will know. In this case it was ma******@hotmail.com, and that is not my e-mail address. I used the code anyway and so ended up at the recovery options, that is, I wanted to recover this wrong e-mail address. Of course that did not just work, but it did let me see the whole e-mail address, and it was indeed a completely different address. Still, I got back into my correct e-mail address, which is ra*******@outlook.com, so it is clear to me that something is not right after all. When my turn comes, just tell me what you expect from me and I will follow your instructions. Incidentally, Malwarebytes still does not work and hangs in the heuristic analysis, and if I cancel it I cannot do anything anymore, yet the scan time keeps running. I downloaded MB again, after first removing the earlier version with the removal tool. Same problem. You are now up to date on the latest developments.

              Kind regards,

              PC USER RM



              • #8
                Download the Farbar Recovery Scan Tool, 32 or 64 bit, from one of the links below.
                Here is a description of how to check whether you have a 32-bit or 64-bit version of Windows.

                Running the Farbar Recovery Scan Tool
                • Double-click FRST.exe to start the tool.
                • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
                • When the program has opened, click Yes at the disclaimer.
                • Then press the Scan button; a backup of the registry will be made first.
                • When the scan is finished, two log files named (FRST.txt) & (Addition.txt) are created in the same location the tool was started from.
                • Attach both log files to your next post.

                Starting Windows 10 in Safe Mode



                • #9
                  Dear Juisterr,

                  Thank you for your reply. I can also report that ESET's quarantine contained a JS redirect.NAV Trojan horse; I have removed it. I am now sending you the requested logs as attachments. I hope I did it correctly.

                  Kind regards,


                  PC USER RM
                  Attached files
                  Last edited by PC USER RM; 25-01-17, 21:17.



                  • #10
                    Start the Farbar Recovery Scan Tool again.
                    • Download fixlist.txt from the attachment to the desktop, where FRST.exe is also located.
                    • Double-click FRST.exe to start the tool.
                    • When the program has opened, click Yes at the disclaimer.
                    • Press the Fix button.
                    • A log file (fixlog.txt) will be created in the same location the tool was started from.
                    • Attach this log file to your next post.


                    fixlist.txt



                    • #11
                      Dear Juisterr,

                      Thank you for your reply. Here is the requested log file.


                      Kind regards,

                      PC USER RM
                      Attached files



                      • #12
                        Is there any noticeable improvement?



                        • #13
                          Dear Juisterr,

                          Yes, in itself everything works somewhat better again, such as the browsers (Chrome and FF), but I do notice that I have to load programs again or allow them through the firewall again, that sort of thing. As if I had newly installed them, while they are already installed and should all be known to the PC and the program; they are not updates either. I have removed Malwarebytes because the latest update is not good; something is wrong with it. Yesterday I downloaded and installed the latest version at an acquaintance's, and the PC immediately started behaving strangely, very odd. On my PC the scan hangs in the heuristic analysis, and if I cancel it the scan time simply keeps running; his did not do that. But otherwise it is somewhat better, although I still doubt whether it is completely clean; I think you can judge that better. If in your opinion no further measures are needed, I will keep a closer eye on everything on the PC over the coming days, and if everything works as it should again, I will let you know and we can mark this problem as solved. It is your decision; if you think nothing more needs to be applied, that is fine with me.


                          Kind regards,


                          PC USER RM



                          • #14
                            Download MalwareBytes' Anti-Malware (mirror) (website) and save it to your desktop.

                            Make sure that after the installation the following are ticked:
                            • Update MalwareBytes' Anti-Malware
                            • Start MalwareBytes' Anti-Malware
                            • You are also given the choice here to use the trial version of MBAM; if you do not want this, untick it.

                            Then click "Finish".
                            The database update will be downloaded and installed.

                            In case of problems!!! (Read the instructions below)
                            • As soon as the program has started, go to the "Settings" tab.
                            • Tick here: "Close Internet Explorer during malware removal".
                            • Then: "Scanner Settings". At the bottom under "PUP", choose "Show in scan results - select for removal".
                            • Then go to the "Scanner" tab and choose "Quick Scan".
                            • Then press the "Scan" button to start the scan.
                            • Scanning can take a while, so be patient.
                            • When the scan is complete, click OK, then "Show Results" to see the results.
                            • Make sure everything there is ticked, then click "Remove Selected".
                            • After removal a log will open and you will be asked to restart the computer.
                            • Restart the computer if necessary and then post the log as an attachment in your next post.

                            The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.



                            • #15
                              Dear Juisterr,

                              I downloaded MB and placed it on my desktop; however, I could not find the options from your instructions anywhere, such as turning off IE. I could not find the other instructions (at the bottom under PUP) either. MB now has a new version (3.06); none of these options were there.

                              Incidentally, I also want to mention that yesterday (30-1-2017) I could not log in to NUCIA. I did see "Thank you for logging in" and "You are being redirected to....." but I got the same screen as when you are not logged in. I could not post replies either.

                              I do have a log.


                              Kind regards,


                              PC USER RM
                              Attached files
