Pests of all kinds and how to fight them: Virus Anti Malware Doktor, how do I verify complete removal? Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
18.06.2010, 11:29 | #16 |
Virus Anti Malware Doktor, how do I verify complete removal?
ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\RtHDVCpl.exe[3448] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A .text C:\Windows\RtHDVCpl.exe[3448] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Windows\RtHDVCpl.exe[3448] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Windows\RtHDVCpl.exe[3448] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F] .text C:\Windows\RtHDVCpl.exe[3448] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] 
ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text 
C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\CLWatson.exe[3460] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A .text C:\Windows\system32\CLWatson.exe[3460] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Windows\system32\CLWatson.exe[3460] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[3460] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F] .text C:\Windows\system32\CLWatson.exe[3460] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] 
ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text 
C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 
25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\System32\rundll32.exe[3684] 
ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\System32\rundll32.exe[3684] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A .text C:\Windows\System32\rundll32.exe[3684] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Windows\System32\rundll32.exe[3684] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\rundll32.exe[3684] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F] .text C:\Windows\System32\rundll32.exe[3684] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] 
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text 
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F] .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 
9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F] .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A |
18.06.2010, 11:31 | #17 |
C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\taskeng.exe[3888] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A .text C:\Windows\system32\taskeng.exe[3888] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Windows\system32\taskeng.exe[3888] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3888] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F] .text C:\Windows\system32\taskeng.exe[3888] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text 
C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteFile + 4 
77C15648 2 Bytes [99, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 
25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71] .text C:\Windows\ehome\ehtray.exe[3948] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A .text C:\Windows\ehome\ehtray.exe[3948] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A .text C:\Windows\ehome\ehtray.exe[3948] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text 
C:\Windows\ehome\ehtray.exe[3948] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Windows\ehome\ehtray.exe[3948] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F] .text C:\Windows\ehome\ehtray.exe[3948] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text 
C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\taskeng.exe[3992] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A .text C:\Windows\system32\taskeng.exe[3992] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Windows\system32\taskeng.exe[3992] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[3992] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F] .text C:\Windows\system32\taskeng.exe[3992] 
USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] 
ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] 
ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateSection 
77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 
Bytes [8D, 71] .text C:\Windows\FixCamera.exe[4024] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A .text C:\Windows\FixCamera.exe[4024] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Windows\FixCamera.exe[4024] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Windows\FixCamera.exe[4024] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F] .text C:\Windows\FixCamera.exe[4024] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text 
C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71] .text C:\Windows\System32\mobsync.exe[4140] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A .text C:\Windows\System32\mobsync.exe[4140] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A .text C:\Windows\System32\mobsync.exe[4140] USER32.dll!SetForegroundWindow 
76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Windows\System32\mobsync.exe[4140] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\mobsync.exe[4140] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F] |
18.06.2010, 11:32 | #18 |
| .text C:\Windows\System32\mobsync.exe[4140] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8B, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [88, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [91, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common 
Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [94, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [85, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [97, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [82, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] 
ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8E, 71] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F] .text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 
71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text 
C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F] .text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateProcessEx 77C144A4 3 
Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] 
ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Program Files\Windows 
Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71] .text 
C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F] .text C:\Program Files\Windows Sidebar\sidebar.exe[5216] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] 
ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual 
Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes 
[83, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F] .text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security 
Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] 
ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] 
USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] 
18.06.2010, 12:25 | #19 |
/// Selecta Jahrusso | Virus Anti Malware Doktor, how do I verify that it has been completely removed? Please switch on any external hard drives you may have during the online scans! Please disable all background guards (antivirus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
25.06.2010, 12:13 | #20 |
/// Selecta Jahrusso | Virus Anti Malware Doktor, how do I verify that it has been completely removed? Missing feedback. This topic has been removed from my subscriptions, so I will not be notified of new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is clean yet. Everyone else, please open your own thread.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |