ch3ewbacca | 01.03.2015 15:39 | GMER Log:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-01 15:23:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0 298,09GB
Running: ozxzqw00.exe; Driver: C:\Users\MK\AppData\Local\Temp\uxddipod.sys
---- User code sections - GMER 2.1 ----
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076781401 2 bytes JMP 7693b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076781419 2 bytes JMP 7693b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076781431 2 bytes JMP 769b8ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007678144a 2 bytes CALL 769148ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000767814dd 2 bytes JMP 769b87a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000767814f5 2 bytes JMP 769b8978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007678150d 2 bytes JMP 769b8698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076781525 2 bytes JMP 769b8a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007678153d 2 bytes JMP 7692fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076781555 2 bytes JMP 769368ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007678156d 2 bytes JMP 769b8f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076781585 2 bytes JMP 769b8ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007678159d 2 bytes JMP 769b865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000767815b5 2 bytes JMP 7692fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000767815cd 2 bytes JMP 7693b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000767816b2 2 bytes JMP 769b8e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\Smartbar\Application\Smartbar.exe[2028] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000767816bd 2 bytes JMP 769b85f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076781401 2 bytes JMP 7693b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076781419 2 bytes JMP 7693b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076781431 2 bytes JMP 769b8ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007678144a 2 bytes CALL 769148ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000767814dd 2 bytes JMP 769b87a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000767814f5 2 bytes JMP 769b8978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007678150d 2 bytes JMP 769b8698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076781525 2 bytes JMP 769b8a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007678153d 2 bytes JMP 7692fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076781555 2 bytes JMP 769368ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007678156d 2 bytes JMP 769b8f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076781585 2 bytes JMP 769b8ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007678159d 2 bytes JMP 769b865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000767815b5 2 bytes JMP 7692fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000767815cd 2 bytes JMP 7693b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000767816b2 2 bytes JMP 769b8e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\MK\AppData\Local\LPT\srptm.exe[2868] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000767816bd 2 bytes JMP 769b85f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076781401 2 bytes JMP 7693b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076781419 2 bytes JMP 7693b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076781431 2 bytes JMP 769b8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007678144a 2 bytes CALL 769148ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767814dd 2 bytes JMP 769b87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767814f5 2 bytes JMP 769b8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007678150d 2 bytes JMP 769b8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076781525 2 bytes JMP 769b8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007678153d 2 bytes JMP 7692fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076781555 2 bytes JMP 769368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007678156d 2 bytes JMP 769b8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076781585 2 bytes JMP 769b8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007678159d 2 bytes JMP 769b865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767815b5 2 bytes JMP 7692fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767815cd 2 bytes JMP 7693b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767816b2 2 bytes JMP 769b8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767816bd 2 bytes JMP 769b85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077461398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007746143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077461594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007746191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077461bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077461d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077461edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077461fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774627b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774627d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007746282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077462898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077462d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077462d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007746323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000774633c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077463a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077463ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077463b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077464190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077464241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000774642b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000774643f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077464434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000774645d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000774646d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077464a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077464b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077464c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077464d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077464ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077464ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000774650f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000774652f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000774653f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000774655e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000774664d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007746668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007746687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000774668bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000774668d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007746692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077467166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077467dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077467e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774b1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774b1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774b1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774b1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774b1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774b1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774b1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774b27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074d213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074d2146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074d216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074d219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074d219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074d21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077461398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007746143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077461594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007746191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077461bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077461d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077461edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077461fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774627b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774627d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007746282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077462898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077462d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077462d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007746323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000774633c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077463a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077463ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077463b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077464190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077464241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000774642b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000774643f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077464434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000774645d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000774646d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077464a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077464b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077464c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077464d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077464ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077464ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000774650f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000774652f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000774653f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000774655e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000774664d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007746668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007746687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000774668bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000774668d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007746692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077467166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077467dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077467e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774b1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774b1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774b1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774b1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774b1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774b1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774b1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774b27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074d213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074d2146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074d216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074d219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074d219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[6620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074d21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077461398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007746143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077461594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007746191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077461bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077461d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077461edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077461fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774627b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774627d2 8 bytes {JMP 0x10}
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007746282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077462898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077462d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077462d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007746323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000774633c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077463a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077463ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077463b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077464190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077464241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000774642b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000774643f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077464434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000774645d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000774646d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077464a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077464b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077464c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077464d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077464ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077464ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000774650f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000774652f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000774653f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000774655e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000774664d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007746668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007746687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000774668bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000774668d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007746692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077467166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077467dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077467e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774b1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774b1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774b1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774b1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774b1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774b1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774b1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774b27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074d213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074d2146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074d216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074d219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074d219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\MK\Downloads\ozxzqw00.exe[5272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074d21a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004cecec0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- Processes - GMER 2.1 ----
Process C:\Users\MK\AppData\Local\RGMService\RGMUpdater.exe (*** suspicious ***) @ C:\Users\MK\AppData\Local\RGMService\RGMUpdater.exe [1960](2014-10-27 15:04:52) 00000000012d0000
Process C:\Users\MK\AppData\Local\RGMService\RGMLoader.exe (*** suspicious ***) @ C:\Users\MK\AppData\Local\RGMService\RGMLoader.exe [1248](2014-12-01 16:01:16) 0000000000cc0000
Library C:\Users\MK\AppData\Local\RGMService\RGMHost.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\RGMService\RGMLoader.exe [1248](2 0000000071b80000
Library C:\Users\MK\AppData\Local\RGMService\MonetizationToolsManager.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\RGMService\RGMLoader.exe [1248](2014-12-01 16:01:46) 0000000070530000
Library C:\Users\MK\AppData\Local\RGMService\ProtectorsManager.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\RGMService\RGMLoader.exe [1248](2014-12-01 16:02:06) 00000000703a0000
Process C:\Users\MK\AppData\Local\LPT\srptm.exe (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:13:26) 0000000000120000
Library C:\Users\MK\AppData\Local\LPT\srpt.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:13:24) 0000000072530000
Library C:\Users\MK\AppData\Local\LPT\srptc.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:13:24) 0000000072520000
Library C:\Users\MK\AppData\Local\LPT\Smartbar.Communication.NamedPipe.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868] (TAWAG.Communication.NamedPipe/Microsoft)(2014-06-11 12:11:40) 0000000072500000
Library C:\Users\MK\AppData\Local\LPT\Smartbar.Communication.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868] (TAWAG.Communication/Microsoft)(2014-06-11 12:11:40) 00000000724f0000
Library C:\Users\MK\AppData\Local\LPT\Smartbar.Common.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:11:40) 000000006b740000
Library C:\Users\MK\AppData\Local\LPT\srut.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:13:32) 000000006b450000
Library C:\Users\MK\AppData\Local\LPT\sppsm.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:13:14) 000000006b1a0000
Library C:\Users\MK\AppData\Local\LPT\spusm.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868] (spusm/Microsoft)(2014-06-11 12:13:14) 000000006b190000
Library C:\Users\MK\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:13:02) 000000006a510000
Library C:\Users\MK\AppData\Local\LPT\Smartbar.Personalization.Common.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:12:58) 00000000700a0000
Library C:\Users\MK\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:12:52) 000000006d8c0000
Library C:\Users\MK\AppData\Local\LPT\srbs.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868] (srbs/Microsoft)(2014-06-11 12:13:16) 0000000069110000
Library C:\Users\MK\AppData\Local\LPT\srbu.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:13:18) 0000000068430000
Library C:\Users\MK\AppData\Local\LPT\srpdm.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:13:20) 000000006d520000
Library C:\Users\MK\AppData\Local\LPT\ProxySettings.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:11:34) 000000006d450000
Library C:\Users\MK\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:12:58) 000000006b920000
Library C:\Users\MK\AppData\Local\LPT\srprl.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:13:22) 000000006b170000
Library C:\Users\MK\AppData\Local\LPT\lrrot.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:11:22) 000000006b160000
Library C:\Users\MK\AppData\Local\LPT\Proxy.Lib.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:11:32) 000000006a9d0000
Library C:\Users\MK\AppData\Local\LPT\sreu.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868](2014-06-11 12:13:18) 000000006a2a0000
Library C:\Users\MK\AppData\Local\LPT\Newtonsoft.Json.dll (*** suspicious ***) @ C:\Users\MK\AppData\Local\LPT\srptm.exe [2868] (Json.NET .NET 2.0/Newtonsoft)(2014-06-11 12:11:28) 0000000066680000
Library C:\Windows\System32\QuickTime\QuickTimeAuthoring.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE N 0000000066eb0000
Library C:\Windows\System32\QuickTime\QuickTimeCapture.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE NOT F 0000000067030000
Library C:\Windows\System32\QuickTime\QuickTimeEffects.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE NOT F 0000000067080000
Library C:\Windows\System32\QuickTime\QuickTimeEssentials.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE 00000000672c0000
Library C:\Windows\System32\QuickTime\QuickTimeImage.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE NOT FOUND 0000000067110000
Library C:\Windows\System32\QuickTime\QuickTimeInternetExtras.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE NOT FOUND) 0000000066de0000
Library C:\Windows\System32\QuickTime\QuickTimeMPEG.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE NOT FOUND) 0000000067250000
Library C:\Windows\System32\QuickTime\QuickTimeMPEG4.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE NOT FOUND 0000000067340000
Library C:\Windows\System32\QuickTime\QuickTimeMPEG4Authoring.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE NOT FOUND) 00000000673c0000
Library C:\Windows\System32\QuickTime\QuickTimeMusic.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE NOT FOUND 0000000067190000
Library C:\Windows\System32\QuickTime\QuickTimeStreaming.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE N 0000000066c10000
Library C:\Windows\System32\QuickTime\QuickTimeStreamingAuthoring.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE NOT FOUND) 0000000067560000
Library C:\Windows\System32\QuickTime\QuickTimeStreamingExtras.qtx (*** suspicious ***) @ C:\Program Files (x86)\QuickTime\qttask.exe [5076] (FILE NOT FOUND) 00000000675c0000
---- EOF - GMER 2.1 ----
Vielen Dank im Voraus für eure Hilfe.