| Myriam84 | 07.07.2014 11:53 |
GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-07 12:19:57
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003d rev. 0.00MB
Running: Gmer-19357.exe; Driver: C:\Users\Entenrechner\AppData\Local\Temp\pxloapow.sys
---- User code sections - GMER 2.1 ----
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fea7fe6764 9 bytes JMP 000007ffa73f0308
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 000007fea7ffd000 8 bytes JMP 000007ffa73f03b0
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fea8004890 7 bytes JMP 000007ffa73f0340
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fea800d8f8 7 bytes JMP 000007ffa73f0260
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fea801b1a4 7 bytes JMP 000007ffa73f0298
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fea801b214 7 bytes JMP 000007ffa73f02d0
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fea801b238 8 bytes JMP 000007ffa73f0228
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 000007fea801b87c 8 bytes JMP 000007ffa73f0378
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fea7402850 1 byte JMP 000007ffa73f00d8
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fea7402852 5 bytes {JMP 0xfffffffffffed888}
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fea7402898 5 bytes JMP 000007ffa73f0180
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fea74070e0 6 bytes JMP 000007ffa73f0148
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fea74073fc 5 bytes JMP 000007ffa73f0110
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\USER32.dll!CreateWindowExW 000007fea79bc5b0 7 bytes JMP 000007ffa73f0490
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fea79c31f0 9 bytes JMP 000007ffa73f03e8
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 000007fea79c33e0 5 bytes JMP 000007ffa73f0458
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 000007fea79c7160 5 bytes JMP 000007ffa73f0420
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fea9ba10b0 8 bytes JMP 000007ffa73f01f0
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fea9bb11b0 8 bytes JMP 000007ffa73f01b8
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fea5c96d10 5 bytes JMP 000007ffa5c80110
.text C:\windows\system32\dwm.exe[584] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fea5c9d060 5 bytes JMP 000007ffa5c800d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07]
.text C:\windows\system32\nvvsvc.exe[1232] C:\windows\system32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07]
.text C:\windows\system32\nvvsvc.exe[1232] C:\windows\system32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07]
.text C:\windows\system32\nvvsvc.exe[1232] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07]
.text C:\windows\system32\nvvsvc.exe[1232] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007feaa1e177a 4 bytes [1E, AA, FE, 07]
.text C:\windows\system32\nvvsvc.exe[1232] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007feaa1e1782 4 bytes [1E, AA, FE, 07]
.text C:\windows\System32\svchost.exe[2088] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007fe9fec1b32 4 bytes [EC, 9F, FE, 07]
.text C:\windows\System32\svchost.exe[2088] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007fe9fec1b3a 4 bytes [EC, 9F, FE, 07]
.text C:\windows\System32\svchost.exe[2280] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007fe9fec1b32 4 bytes [EC, 9F, FE, 07]
.text C:\windows\System32\svchost.exe[2280] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007fe9fec1b3a 4 bytes [EC, 9F, FE, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2464] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2464] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2464] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07]
.text C:\windows\Explorer.EXE[2612] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07]
.text C:\windows\Explorer.EXE[2612] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07]
.text C:\windows\Explorer.EXE[2612] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07]
.text C:\windows\Explorer.EXE[2612] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fe9fec1b32 4 bytes [EC, 9F, FE, 07]
.text C:\windows\Explorer.EXE[2612] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fe9fec1b3a 4 bytes [EC, 9F, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3012] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3012] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3012] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4448] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4448] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4448] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!RegQueryValueExW 000007fea7fe6764 9 bytes JMP 000007ffa73d03e8
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!RegSetValueExW 000007fea7ffd000 8 bytes JMP 000007ffa73d0490
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!RegDeleteValueW 000007fea8004890 7 bytes JMP 000007ffa73d0420
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 000007fea800d8f8 7 bytes JMP 000007ffa73d0340
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000007fea801b1a4 7 bytes JMP 000007ffa73d0378
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!K32GetModuleInformation 000007fea801b214 7 bytes JMP 000007ffa73d03b0
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 000007fea801b238 8 bytes JMP 000007ffa73d0308
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!RegSetValueExA 000007fea801b87c 8 bytes JMP 000007ffa73d0458
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fea7402850 1 byte JMP 000007ffa73d00d8
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fea7402852 5 bytes {JMP 0xfffffffffffcd888}
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fea7402898 5 bytes JMP 000007ffa73d0180
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fea74070e0 6 bytes JMP 000007ffa73d0148
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fea74073fc 5 bytes JMP 000007ffa73d0110
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\USER32.dll!CreateWindowExW 000007fea79bc5b0 7 bytes JMP 000007ffa73d0570
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fea79c31f0 9 bytes JMP 000007ffa73d04c8
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 000007fea79c33e0 5 bytes JMP 000007ffa73d0538
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 000007fea79c7160 5 bytes JMP 000007ffa73d0500
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fea9ba10b0 8 bytes JMP 000007ffa73d01f0
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fea9bb11b0 8 bytes JMP 000007ffa73d01b8
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 000007fea9692100 5 bytes JMP 000007ffa73d0228
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007fea96a5d4c 7 bytes JMP 000007ffa73d0260
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fe9fbaada0 5 bytes JMP 000007fea73d02d0
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fe9fbcd6c8 6 bytes JMP 000007fea73d0298
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4556] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4556] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4556] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4556] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fe9fec1b32 4 bytes [EC, 9F, FE, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4556] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fe9fec1b3a 4 bytes [EC, 9F, FE, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[4580] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[4580] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[4580] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4116] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4116] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4116] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07]
.text C:\Windows\System32\igfxpers.exe[4024] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007feaa1e177a 4 bytes [1E, AA, FE, 07]
.text C:\Windows\System32\igfxpers.exe[4024] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007feaa1e1782 4 bytes [1E, AA, FE, 07]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Threads - GMER 2.1 ----
Thread C:\windows\system32\csrss.exe [756:780] fffff960008665e8
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\uds.dll.0515e0460dae083d96b12ede5e1305a8 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006d8d0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\avengine.dll.3fe58f414aa3dfe528ddb4fd35396bdd (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006d5a0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\kavbase.kdl.7aa539a1cbbfb4baa644b9866f4bcf4b (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006d4d0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\klavemu.kdl.6e86633e63e607038cfa66d3f88c5d60 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006b780000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\kjim.kdl.4d87815dc55a0ea5f712a61bb640573a (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006a9c0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\mark.kdl.439cd9b41ec8d21b1586f50936d6c9c7 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006a950000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\qscan.kdl.6f421f0667a2208fb2f4dc2a03912f82 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006a820000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\kavsys.kdl.ba76be53c8245ddbd0e2864e74f8f638 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006aef0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\arkmon.kdl.2a7e20d80dc85bffd099a5ec75d43665 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000065510000
Library c:\programdata\kaspersky lab\avp14.0.0\data\wlengine.dll (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000064280000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\swmon.kdl.8bcd44f16c753932967d5433cb79247b (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000064050000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\swmon_drv.kdl.925e67a10a7c0746eefbbcb37d1db516 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000064010000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\vlns.kdl.75bc7021d19dabc13b3578597a15f843 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000062890000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\pbs.kdl.855e976d16841a9bbaa528a886998eee (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000062730000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\metascan.kdl.44098c3d85ae01dc961a5bb462ce80cf (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000062480000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\klavasyswatch.dll.cbcfd9fa6b6b6cd2bb04bd4017408b7b (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000061f70000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\pdm.kdl.3e8b21cf357ecefe6529658c1ae62636 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 00000000619f0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\heurap.dll.0ce84b1af150e117a14d119f99292f28 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000061890000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\sys_critical_obj.dll (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000060080000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\bsshlp2.kdl.7b5ed3ca6d3d7225b866af3c09484fec (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000005d480000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
---- EOF - GMER 2.1 ----
|
