hallo Marvin_1980 ich hab genau das selbe problem gehabt wie du dann hab ich auch das programm Malwarebytes' Anti-Malware installiert bei mir ist der virus weg so wie es aussieht zumindest seh ich nichts mehr in der leiste aber irgend wie kann ich mein internet explorer nicht mehr öffnen, wenn ich es öffne ist da einfach nur ein weißer leerer bildschirm ich kann nur noch über firefox ins internet kann mir bitte bitte jemand weiter helfen???
/// Selecta Jahrusso ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung?![]() Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
ATTFilter netsvcs %SYSTEMDRIVE%\*.* %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90 %systemroot%\system32\user32.dll /md5 %systemroot%\system32\ws2_32.dll /md5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs
Bitte poste in Deiner nächsten Antwort OTL.txt Extras.txt
![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? OTL Logfile:
ATTFilter OTL logfile created on: 15.06.2010 18:34:38 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Bilal\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 278,53 Gb Free Space | 62,49% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 11,02 Gb Free Space | 55,14% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BILAL-PC Current User Name: Bilal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Downloads\OTL.exe PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.26 10:20:22 | 000,056,680 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\registrybooster.exe PRC - [2010.05.07 16:40:06 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.04.16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe PRC - [2010.01.29 15:42:51 | 000,105,616 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Home\Meine Software\meine software.exe PRC - [2010.01.28 23:34:01 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2010.01.27 21:41:29 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe PRC - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe PRC - [2008.06.03 18:36:42 | 000,095,232 | ---- | M] (CyberLink) -- C:\Windows\System32\CLWatson.exe PRC - [2008.06.03 18:36:24 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe PRC - [2008.05.29 22:41:50 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.11 15:55:48 | 000,937,984 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.10.11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.09.28 16:12:14 | 000,330,240 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe PRC - [2007.08.24 08:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2007.08.24 04:45:42 | 000,101,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2007.02.12 15:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (SafeList) ========== MOD - [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Downloads\OTL.exe MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010.06.07 19:25:42 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2010.01.27 21:41:29 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829) SRV - [2010.01.25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS)) SRV - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS) SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2010.02.25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009.11.25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2008.05.07 19:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.05.02 22:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007.05.30 20:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.10.09 15:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2005.09.29 19:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2005.08.30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2005.08.30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2005.08.30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2005.08.10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http= ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}: FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}: FF - prefs.js..extensions.enabledItems: {4b897551-0a2b-4159-99e7-3cd721caec78}: FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.28 17:50:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.13 22:26:23 | 000,000,000 | ---D | M] [2010.01.26 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Extensions [2010.06.15 14:10:59 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions [2010.06.15 14:10:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.01 18:44:24 | 000,000,000 | ---D | M] (References.TV Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{4b897551-0a2b-4159-99e7-3cd721caec78} [2010.03.10 16:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.07 19:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.06.07 19:20:23 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.04.22 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\firefox@tvunetworks.com [2010.06.15 14:10:40 | 000,001,819 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\bing.xml [2010.06.07 19:20:35 | 000,000,873 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\conduit.xml [2010.06.15 14:11:01 | 000,000,950 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\icqplugin-1.xml [2010.06.09 20:50:47 | 000,000,947 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\icqplugin.xml [2010.06.07 19:22:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2008.03.15 15:56:14 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Games Bar 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.) O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe () O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\meine software.lnk = C:\Programme\T-Home\Meine Software\meine software.exe (Deutsche Telekom AG) O4 - Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell - "" = AutoRun O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 04:34:27 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.06.15 15:12:46 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\Uniblue [2010.06.15 15:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue [2010.06.15 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\Malwarebytes [2010.06.15 14:58:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.15 14:58:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.15 14:58:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.15 14:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.15 13:51:18 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Local\Windows Server [2010.06.15 13:51:16 | 000,000,000 | -HSD | C] -- C:\Users\Bilal\AppData\Roaming\lowsec [2010.06.15 13:50:52 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03 [2010.06.07 19:38:43 | 000,000,000 | ---D | C] -- C:\Programme\phenomedia [2010.06.07 19:25:43 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.06.07 19:25:43 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.06.07 19:25:43 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.06.07 19:25:08 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\TuneUp Software [2010.06.07 19:25:02 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010 [2010.06.07 19:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2010.06.07 19:24:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.07 19:23:42 | 000,000,000 | -H-D | C] -- C:\Users\Bilal\PP_MOTION.TMP [2010.06.07 19:23:40 | 000,000,000 | ---D | C] -- C:\Users\Bilal\CyberLink [2010.06.07 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\CyberLink [2010.06.07 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\ARADump [2010.06.07 19:23:35 | 000,000,000 | -H-D | C] -- C:\Users\Bilal\PP_ROTATE_SLIDE.TMP [2010.06.07 19:22:32 | 000,000,000 | ---D | C] -- C:\Programme\Search Settings [2010.06.07 19:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Dealio Toolbar [2010.06.07 19:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2010.06.07 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\FreeVideoConverter [2010.06.07 19:21:59 | 000,000,000 | ---D | C] -- C:\Programme\Free Video Converter [2010.06.07 19:20:25 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB [2010.06.07 19:20:23 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.07 19:20:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\DVDVideoSoft [2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft [2010.06.07 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\AllDup [2010.06.07 19:10:26 | 002,344,880 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.2.1.ocx [2010.06.07 19:10:26 | 001,000,992 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\System32\TList8.ocx [2010.06.07 19:10:26 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx [2010.06.07 19:10:26 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx [2010.06.07 19:10:26 | 000,085,696 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSplitter.ocx [2010.06.07 19:10:26 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSubclass.dll [2010.06.07 19:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AllDup [2010.06.07 19:10:25 | 000,000,000 | ---D | C] -- C:\Programme\AllDup [2010.06.07 19:06:18 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Desktop\Download Programme [2010.05.31 21:15:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared [2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS [2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan [2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022 [2010.05.31 21:00:10 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller [2010.05.31 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.05.31 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.05.20 18:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games [2010.05.20 18:27:52 | 000,000,000 | ---D | C] -- C:\Programme\DEUTSCHLAND SPIELT [2010.05.20 18:27:39 | 000,000,000 | ---D | C] -- C:\Programme\OXXOGames [2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.25 20:32:08 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\ICQ [2010.04.20 22:14:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx [2010.04.08 16:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.04.08 16:49:14 | 000,000,000 | ---D | C] -- C:\Programme\Games_Bar_1 [2010.04.04 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\gtk-2.0 [2010.04.04 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Bilal\.thumbnails [2010.04.04 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\gegl-0.0 [2010.04.04 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\.gimp-2.6 [2010.04.04 11:44:05 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0 [2010.04.03 10:23:44 | 000,000,000 | ---D | C] -- C:\Programme\Wise Disk Cleaner [2010.04.03 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters [2010.04.03 10:15:02 | 000,000,000 | ---D | C] -- C:\Programme\Fighters [2010.02.15 19:56:51 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll [2 C:\Users\Bilal\*.tmp files -> C:\Users\Bilal\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.06.15 18:36:03 | 003,145,728 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT [2010.06.15 18:21:42 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Bilal-Startup.job [2010.06.15 18:20:45 | 000,007,592 | ---- | M] () -- C:\Users\Bilal\AppData\Local\d3d9caps.dat [2010.06.15 18:20:42 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.06.15 18:20:35 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.15 18:20:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.15 18:20:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.15 18:20:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.15 18:20:27 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2010.06.15 17:50:22 | 000,524,288 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.06.15 17:50:22 | 000,065,536 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.06.15 17:50:11 | 003,262,813 | -H-- | M] () -- C:\Users\Bilal\AppData\Local\IconCache.db [2010.06.15 16:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.06.14 23:50:29 | 000,003,162 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\wklnhst.dat [2010.06.14 23:50:27 | 000,010,540 | ---- | M] () -- C:\Users\Bilal\Desktop\Bella Kiss.docx [2010.06.14 19:33:47 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{19891C3E-A288-4FCE-B26E-4CCA4D4197F6}.job [2010.06.14 10:30:52 | 003,951,960 | ---- | M] () -- C:\Users\Bilal\Desktop\Innate_Forte_-_Showdown_www.Marvin-Vibez.com_.mp3 [2010.06.13 21:24:58 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Bilal.job [2010.06.13 10:45:37 | 000,462,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.08 09:24:37 | 000,142,976 | ---- | M] () -- C:\Users\Bilal\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.07 19:49:27 | 000,091,136 | ---- | M] () -- C:\Users\Bilal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.07 11:52:10 | 000,001,398 | ---- | M] () -- C:\Users\Bilal\Desktop\DivX Movies.lnk [2010.06.07 11:49:55 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.06.07 11:44:57 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.05.31 21:00:13 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2010.05.31 21:00:11 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.05.07 16:40:58 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.05.07 16:34:46 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.24 10:14:21 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.24 10:14:21 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.24 10:14:21 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.24 10:14:21 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.24 10:14:21 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.13 22:26:24 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2010.04.11 18:43:40 | 000,086,016 | ---- | M] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx [2010.04.04 11:50:49 | 000,000,856 | ---- | M] () -- C:\Users\Bilal\.recently-used.xbel [2010.03.25 10:33:44 | 000,171,752 | ---- | M] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx [2 C:\Users\Bilal\*.tmp files -> C:\Users\Bilal\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.14 23:50:27 | 000,010,540 | ---- | C] () -- C:\Users\Bilal\Desktop\Bella Kiss.docx [2010.06.14 10:30:51 | 003,951,960 | ---- | C] () -- C:\Users\Bilal\Desktop\Innate_Forte_-_Showdown_www.Marvin-Vibez.com_.mp3 [2010.06.07 11:49:54 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.06.07 11:44:57 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.05.31 21:00:13 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2010.05.31 21:00:13 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Bilal.job [2010.05.31 21:00:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.05.31 20:54:03 | 000,001,398 | ---- | C] () -- C:\Users\Bilal\Desktop\DivX Movies.lnk [2010.04.04 11:50:49 | 000,000,856 | ---- | C] () -- C:\Users\Bilal\.recently-used.xbel [2010.04.03 10:15:21 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-Bilal-Startup.job [2010.01.30 10:35:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.01.23 19:08:04 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2009.01.23 19:08:04 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.10.24 12:14:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.10.15 19:45:40 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.06.12 08:50:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.06.11 13:54:36 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos.INI [2008.06.11 10:28:49 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini [2008.05.27 08:11:57 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.05.27 08:11:57 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.05.27 08:10:05 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.05.27 07:52:11 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.05.27 07:52:11 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.05.26 12:36:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2010.06.07 19:18:29 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\AllDup [2008.07.26 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Buhl Data Service GmbH [2010.06.07 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.15 15:05:35 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03 [2010.06.10 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\FreeVideoConverter [2010.04.04 11:50:49 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\gtk-2.0 [2010.06.06 12:20:27 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\ICQ [2008.10.15 19:08:04 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Leadertech [2010.06.15 14:52:33 | 000,000,000 | -HSD | M] -- C:\Users\Bilal\AppData\Roaming\lowsec [2008.12.02 17:42:11 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Red Alert 3 [2008.09.04 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Samsung [2010.01.26 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\T-Online [2009.06.28 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\temp [2008.08.10 10:15:10 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Template [2010.06.07 19:25:08 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\TuneUp Software [2009.10.28 13:07:14 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Ulead Systems [2010.06.15 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Uniblue [2010.06.15 17:50:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.06.15 18:21:42 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-Bilal-Startup.job [2010.06.14 19:33:47 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{19891C3E-A288-4FCE-B26E-4CCA4D4197F6}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2008.05.26 14:52:01 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.06.15 18:20:27 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2008.05.27 07:54:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008.05.27 07:54:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.06.15 18:20:26 | 3533,127,680 | -HS- | M] () -- C:\pagefile.sys [2010.01.26 19:32:49 | 000,000,427 | ---- | M] () -- C:\TO_InstallLog.txt < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\drivers\*.sys /90 > [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys < %systemroot%\system32\user32.dll /md5 > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs > < End of report > |
![]() | #4 |
![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.06.2010 18:41:59 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Bilal\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 277,84 Gb Free Space | 62,33% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 11,02 Gb Free Space | 55,14% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BILAL-PC Current User Name: Bilal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Telekom Fotoservice] -- "C:\Program Files\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5E16DC47-D205-4C3F-B575-BD69BE5C16CB}" = lport=2869 | protocol=6 | dir=in | app=system | "{9B16966D-8D48-4D35-8601-98813F9F374B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DC892DA5-1B13-4F97-890B-40A818A489CF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00F5E728-7C20-4088-9576-4A7400E34F77}" = protocol=6 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe | "{0A972E19-4102-4028-8E9D-989761DE841D}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{10B40C44-9545-48F3-8E5B-8FFDF12B7920}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{1247EC03-416C-43A6-BE6A-DA79F59E2EF5}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{27504290-C2D5-43D7-B94A-B638F414C069}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{33DC2FEC-4BDF-4454-A991-C7FD4FB786D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{38675879-E6E3-4CCB-9152-1D81D6701139}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe | "{405BAA7A-5D76-4EA5-B643-1D7069FA3B1C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{40D7386A-4B92-4E77-9B8C-926493495229}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{4C86442F-D973-48D2-A31E-42FC69AD0907}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{5056AC5D-1262-484A-B44C-380F3D70AB34}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe | "{5D197E05-0E75-4803-B724-0A4852D2AF9E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{5EBF3F45-9D4F-4692-8F8C-2C07CEB0CF65}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | "{5F8B1396-C3C8-41D8-A8A4-4688DEF88C03}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{6D546FAD-F735-45EB-9BA6-D701E211351D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{714F11E8-DD01-4C3B-B26E-34751DCBF7BE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{76F71244-D405-4542-906D-2A4095421B49}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{95A90A0B-10D7-4C98-A858-4D331C1D3B8C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{9F6700FE-9205-4A77-9E8F-2166DC360AB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{ABCCEC0B-658B-41EF-B5FA-D2766587E4A7}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{B211E0F4-F5D4-4BD6-88B0-F93F66B08C5A}" = protocol=17 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe | "{B68CCB56-F9B4-4C94-AA56-277682AD988C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{BB297C6B-2984-4D63-915D-664B6EE3F0AD}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{BEDA288E-57C3-45E6-91DA-CA5AAEEDD473}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C28CA879-C5D7-4217-AEF5-223036E7413D}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{C8F4645C-C31D-4A1A-ADD0-3BFAB47B6D06}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | "{CDF25EED-406E-44B4-8901-C3BF8E2DFB8C}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{D95B8B97-B347-4567-9E0A-A3541876E324}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{EA3E73CF-3AC5-4D59-A3E7-D842C9B48A3D}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{F0B8CBBF-4E61-4F24-BD3F-601ED459024C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{FE4F939F-45A8-48EB-91C0-46F7A390AB2F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FF1A608B-4328-4B6A-AF40-92563505E0F2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "TCP Query User{2CF9C666-4609-466C-B8B9-0083A08AEB32}C:\users\bilal\desktop\pes2009.exe" = protocol=6 | dir=in | app=c:\users\bilal\desktop\pes2009.exe | "TCP Query User{6B1CE62E-075B-4EAF-9910-9908612B57D0}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | "TCP Query User{A0CC8D63-ADE4-4744-9D10-4CB73EDCE181}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{D911D2B7-B4D7-47E0-952D-7FCCFFEFCCE6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{EDBF380F-8505-4321-B131-36ED3EAEC327}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{1470936D-AE4F-44FC-A8BA-3C936857A9C7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{1654793B-D1D3-4DF1-88E3-2793E9BD832C}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | "UDP Query User{26535369-06E8-4959-92E5-0728E8C65238}C:\users\bilal\desktop\pes2009.exe" = protocol=17 | dir=in | app=c:\users\bilal\desktop\pes2009.exe | "UDP Query User{63DEF288-96E6-4C05-9ED3-F1614922F8D9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{D0B7033C-F79C-4020-BF05-71F60D075717}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004 "{048DB452-C8B0-4A8D-89AF-84A6B149E1EE}" = Meine Software "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR "{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3 "{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio "{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BDE0CF4C-8DE2-41DB-A845-78D48874E2C6}" = SLOW-PCfighter "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio "{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War "{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{D6782F44-58DB-4DE5-A65C-890320CF3F99}" = Prince of Persia The Two Thrones "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9 "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "AllDup_is1" = AllDup 3.0.2 "avast!" = avast! Antivirus "Das Reich des Drachen" = Das Reich des Drachen "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3 "Free Video Converter_is1" = Free Video Converter V 2.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5 "FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09 "Games_Bar_1 Toolbar" = Games_Bar_1 Toolbar "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "LetsTrade" = LetsTrade Komponenten "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0)" = Mozilla Firefox (3.0) "Mystery P.I. – The Vegas Heist" = Mystery P.I. – The Vegas Heist "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "PictureIt_v9" = Microsoft Picture It! Foto Premium 9 "PROSetDX" = Intel(R) Network Connections "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Shockwave" = Shockwave "SLOW-PCfighter" = SLOW-PCfighter "Telekom Fotoservice" = Telekom Fotoservice "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall "VLC media player" = VLC media player 1.0.5 "Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.2 "Works2004Setup" = Setup-Start von Microsoft Works 2004 "X10Hardware" = X10 Hardware(TM) ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 15.03.2010 18:43:21 | Computer Name = Bilal-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Bilal\AppData\Local\Google\Google Desktop\ea2e27f9b326\uinfo.dat failed, 00000005. [ Application Events ] Error - 25.05.2010 06:31:14 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10 Description = Error - 25.05.2010 09:14:18 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10 Description = Error - 25.05.2010 09:39:22 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a, Prozess-ID 0xbbc, Anwendungsstartzeit 01cafc0f9926d380. Error - 25.05.2010 09:49:09 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a, Prozess-ID 0x17f8, Anwendungsstartzeit 01cafc0fb004dc50. Error - 25.05.2010 09:49:40 | Computer Name = Bilal-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.6001.18904 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1190 Anfangszeit: 01cafc0c26b63960 Zeitpunkt der Beendigung: 11 Error - 25.05.2010 15:26:04 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10 Description = Error - 25.05.2010 16:54:07 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul IEShims.dll, Version 8.0.6001.18904, Zeitstempel 0x4b8376f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00021e16, Prozess-ID 0xcf0, Anwendungsstartzeit 01cafc4c6a802710. Error - 26.05.2010 04:38:30 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10 Description = Error - 26.05.2010 06:42:17 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000005, Fehleroffset 0x000675ff, Prozess-ID 0x1304, Anwendungsstartzeit 01cafcbedb1de620. Error - 26.05.2010 09:18:58 | Computer Name = Bilal-PC | Source = ESENT | ID = 215 Description = wlcomm (5084) C:\Users\Bilal\AppData\Local\Microsoft\Windows Live Contacts\{20fc84b8-d7f6-4ee4-9ddf-76725d18ba40}\: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. [ System Events ] Error - 15.06.2010 09:31:25 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 15.06.2010 09:31:25 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 15.06.2010 09:31:59 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 15.06.2010 09:31:59 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 15.06.2010 09:31:59 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 15.06.2010 12:20:10 | Computer Name = Bilal-PC | Source = Application Popup | ID = 875 Description = Treiber sfvfs02.sys konnte nicht geladen werden. Error - 15.06.2010 12:20:10 | Computer Name = Bilal-PC | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 15.06.2010 12:22:09 | Computer Name = Bilal-PC | Source = Service Control Manager | ID = 7009 Description = Error - 15.06.2010 12:22:09 | Computer Name = Bilal-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.06.2010 12:22:09 | Computer Name = Bilal-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > |
/// Selecta Jahrusso ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? Schritt 1 Software mit Revo Uninstaller deinstallieren Downloade Dir bitte den Revo Uninstaller
Bebilderte Anleitung Schritt 2 Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan) Downloade Dir bitte Malwarebytes
Schritt 3
ATTFilter :OTL IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) [2010.06.07 19:20:23 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Games Bar 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell - "" = AutoRun O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found [2010.06.15 13:51:16 | 000,000,000 | -HSD | C] -- C:\Users\Bilal\AppData\Roaming\lowsec [2010.06.15 13:50:52 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03 [2010.06.07 19:22:32 | 000,000,000 | ---D | C] -- C:\Programme\Search Settings [2010.06.07 19:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Dealio Toolbar [2010.06.07 19:20:25 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB [2010.06.07 19:20:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\DVDVideoSoft [2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft [2010.04.08 16:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.04.08 16:49:14 | 000,000,000 | ---D | C] -- C:\Programme\Games_Bar_1 :services :files :reg [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable"=Dword:00000000 "ProxyServer"="" :Commands [purity] [emptytemp] [reboot]
Schritt 4 CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
ATTFilter /md5start user32.dll ws2_32.dll /md5stop
Bitte poste in Deiner nächsten Antwort Log von MBAM Log von OTLFix OTL.txt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie Geändert von Larusso (15.06.2010 um 20:13 Uhr) |
![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4201 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 15.06.2010 22:35:26 mbam-log-2010-06-15 (22-35-26).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 132744 Laufzeit: 4 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Bilal\AppData\Local\Temp\scmroewnxa.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. |
![]() | #7 |
![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found. File C:\Programme\Games_Bar_1\tbGame.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found. File C:\Programme\Search Settings\SearchSettings.dll not found. C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\searchplugin folder moved successfully. C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\META-INF folder moved successfully. C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\lib folder moved successfully. C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\defaults folder moved successfully. C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components folder moved successfully. C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome folder moved successfully. C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found. File C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found. File C:\Programme\Games_Bar_1\tbGame.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found. File C:\Programme\Search Settings\SearchSettings.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found. File C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found. File C:\Programme\Games_Bar_1\tbGame.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found. File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}\ not found. File C:\Programme\Games_Bar_1\tbGame.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found. File C:\Programme\Search Settings\SearchSettings.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5734ef6-010d-11de-9963-0015af5855f8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5734ef6-010d-11de-9963-0015af5855f8}\ not found. File K:\LaunchU3.exe not found. C:\Users\Bilal\AppData\Roaming\lowsec folder moved successfully. C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03 folder moved successfully. Folder C:\Programme\Search Settings\ not found. Folder C:\Programme\Dealio Toolbar\ not found. Folder C:\Programme\DVDVideoSoftTB\ not found. C:\Users\Bilal\Documents\DVDVideoSoft\Temp folder moved successfully. C:\Users\Bilal\Documents\DVDVideoSoft\FreeYouTubeToMP3Converter folder moved successfully. C:\Users\Bilal\Documents\DVDVideoSoft folder moved successfully. C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter folder moved successfully. C:\Programme\DVDVideoSoft\Free Audio CD Burner folder moved successfully. Folder move failed. C:\Programme\DVDVideoSoft scheduled to be moved on reboot. C:\Programme\Common Files\DVDVideoSoft\TB folder moved successfully. C:\Programme\Common Files\DVDVideoSoft\Dll folder moved successfully. C:\Programme\Common Files\DVDVideoSoft folder moved successfully. C:\Programme\Conduit\Community Alerts folder moved successfully. Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot. Folder C:\Programme\Games_Bar_1\ not found. ========== SERVICES/DRIVERS ========== ========== FILES ========== ========== REGISTRY ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|Dword:00000000 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Bilal ->Temp folder emptied: 3815203 bytes ->Temporary Internet Files folder emptied: 1156312036 bytes ->Java cache emptied: 1575232 bytes ->FireFox cache emptied: 50748829 bytes ->Google Chrome cache emptied: 7309217 bytes ->Flash cache emptied: 1050 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3223368 bytes RecycleBin emptied: 1384 bytes Total Files Cleaned = 1.166,00 mb OTL by OldTimer - Version log created on 06152010_224043 Files\Folders moved on Reboot... Folder move failed. C:\Programme\DVDVideoSoft scheduled to be moved on reboot. Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot. File\Folder C:\Windows\temp\JET648C.tmp not found! Registry entries deleted on Reboot... |
![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.06.2010 22:45:26 - Run 2 OTL by OldTimer - Version Folder = C:\Users\Bilal\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 280,26 Gb Free Space | 62,87% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 11,02 Gb Free Space | 55,14% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BILAL-PC Current User Name: Bilal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Desktop\OTL.exe PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.26 10:20:22 | 000,056,680 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\registrybooster.exe PRC - [2010.05.07 16:40:06 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.01.29 15:42:51 | 000,105,616 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Home\Meine Software\meine software.exe PRC - [2010.01.28 23:34:01 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2010.01.27 21:41:29 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe PRC - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe PRC - [2008.06.03 18:36:42 | 000,095,232 | ---- | M] (CyberLink) -- C:\Windows\System32\CLWatson.exe PRC - [2008.06.03 18:36:24 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe PRC - [2008.05.29 22:41:50 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.11 15:55:48 | 000,937,984 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.10.11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.09.28 16:12:14 | 000,330,240 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe PRC - [2007.08.24 08:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2007.08.24 04:45:42 | 000,101,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2007.02.12 15:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (SafeList) ========== MOD - [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Desktop\OTL.exe MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010.06.07 19:25:42 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2010.01.27 21:41:29 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829) SRV - [2010.01.25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS)) SRV - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS) SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2010.02.25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009.11.25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2008.05.07 19:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.05.02 22:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007.05.30 20:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.10.09 15:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2005.09.29 19:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2005.08.30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2005.08.30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2005.08.30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2005.08.10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}: FF - prefs.js..extensions.enabledItems: {4b897551-0a2b-4159-99e7-3cd721caec78}: FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.28 17:50:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.15 19:13:46 | 000,000,000 | ---D | M] [2010.01.26 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Extensions [2010.06.15 22:43:10 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions [2010.06.15 14:10:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.01 18:44:24 | 000,000,000 | ---D | M] (References.TV Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{4b897551-0a2b-4159-99e7-3cd721caec78} [2010.03.10 16:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.07 19:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.22 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\firefox@tvunetworks.com [2010.06.15 14:10:40 | 000,001,819 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\bing.xml [2010.06.07 19:20:35 | 000,000,873 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\conduit.xml [2010.06.15 14:11:01 | 000,000,950 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\icqplugin-1.xml [2010.06.09 20:50:47 | 000,000,947 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\icqplugin.xml [2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2008.03.15 15:56:14 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe () O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\meine software.lnk = C:\Programme\T-Home\Meine Software\meine software.exe (Deutsche Telekom AG) O4 - Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.06.15 22:40:43 | 000,000,000 | ---D | C] -- C:\_OTL [2010.06.15 21:18:05 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group [2010.06.15 19:13:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2010.06.15 19:13:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.06.15 18:30:23 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Bilal\Desktop\OTL.exe [2010.06.15 15:12:46 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\Uniblue [2010.06.15 15:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue [2010.06.15 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\Malwarebytes [2010.06.15 14:58:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.15 14:58:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.15 14:58:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.15 14:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.15 13:51:18 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Local\Windows Server [2010.06.07 19:38:43 | 000,000,000 | ---D | C] -- C:\Programme\phenomedia [2010.06.07 19:25:43 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.06.07 19:25:43 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.06.07 19:25:43 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.06.07 19:25:08 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\TuneUp Software [2010.06.07 19:25:02 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010 [2010.06.07 19:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2010.06.07 19:24:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.07 19:23:42 | 000,000,000 | -H-D | C] -- C:\Users\Bilal\PP_MOTION.TMP [2010.06.07 19:23:40 | 000,000,000 | ---D | C] -- C:\Users\Bilal\CyberLink [2010.06.07 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\CyberLink [2010.06.07 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\ARADump [2010.06.07 19:23:35 | 000,000,000 | -H-D | C] -- C:\Users\Bilal\PP_ROTATE_SLIDE.TMP [2010.06.07 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\FreeVideoConverter [2010.06.07 19:21:59 | 000,000,000 | ---D | C] -- C:\Programme\Free Video Converter [2010.06.07 19:20:23 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2010.06.07 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\AllDup [2010.06.07 19:10:26 | 002,344,880 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.2.1.ocx [2010.06.07 19:10:26 | 001,000,992 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\System32\TList8.ocx [2010.06.07 19:10:26 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx [2010.06.07 19:10:26 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx [2010.06.07 19:10:26 | 000,085,696 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSplitter.ocx [2010.06.07 19:10:26 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSubclass.dll [2010.06.07 19:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AllDup [2010.06.07 19:10:25 | 000,000,000 | ---D | C] -- C:\Programme\AllDup [2010.06.07 19:06:18 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Desktop\Download Programme [2010.05.31 21:15:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared [2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS [2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan [2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022 [2010.05.31 21:00:10 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller [2010.05.31 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.05.31 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.05.20 18:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games [2010.05.20 18:27:52 | 000,000,000 | ---D | C] -- C:\Programme\DEUTSCHLAND SPIELT [2010.05.20 18:27:39 | 000,000,000 | ---D | C] -- C:\Programme\OXXOGames [2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.25 20:32:08 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\ICQ [2010.04.20 22:14:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx [2010.04.08 16:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.04.04 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\gtk-2.0 [2010.04.04 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Bilal\.thumbnails [2010.04.04 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\gegl-0.0 [2010.04.04 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\.gimp-2.6 [2010.04.04 11:44:05 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0 [2010.04.03 10:23:44 | 000,000,000 | ---D | C] -- C:\Programme\Wise Disk Cleaner [2010.04.03 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters [2010.04.03 10:15:02 | 000,000,000 | ---D | C] -- C:\Programme\Fighters [2010.02.15 19:56:51 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll [2 C:\Users\Bilal\*.tmp files -> C:\Users\Bilal\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.06.15 22:47:55 | 003,145,728 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT [2010.06.15 22:42:37 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Bilal-Startup.job [2010.06.15 22:42:30 | 000,007,592 | ---- | M] () -- C:\Users\Bilal\AppData\Local\d3d9caps.dat [2010.06.15 22:42:26 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.06.15 22:42:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.15 22:42:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.15 22:42:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.15 22:42:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.15 22:42:13 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2010.06.15 22:41:30 | 000,524,288 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.06.15 22:41:30 | 000,065,536 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.06.15 22:28:31 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.15 22:17:20 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{19891C3E-A288-4FCE-B26E-4CCA4D4197F6}.job [2010.06.15 21:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.06.15 21:24:26 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Bilal.job [2010.06.15 21:18:06 | 000,001,061 | ---- | M] () -- C:\Users\Bilal\Desktop\Revo Uninstaller.lnk [2010.06.15 19:13:46 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Desktop\OTL.exe [2010.06.15 17:50:11 | 003,262,813 | -H-- | M] () -- C:\Users\Bilal\AppData\Local\IconCache.db [2010.06.14 23:50:29 | 000,003,162 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\wklnhst.dat [2010.06.14 23:50:27 | 000,010,540 | ---- | M] () -- C:\Users\Bilal\Desktop\Bella Kiss.docx [2010.06.14 10:30:52 | 003,951,960 | ---- | M] () -- C:\Users\Bilal\Desktop\Innate_Forte_-_Showdown_www.Marvin-Vibez.com_.mp3 [2010.06.13 10:45:37 | 000,462,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.08 09:24:37 | 000,142,976 | ---- | M] () -- C:\Users\Bilal\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.07 19:49:27 | 000,091,136 | ---- | M] () -- C:\Users\Bilal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.07 11:52:10 | 000,001,398 | ---- | M] () -- C:\Users\Bilal\Desktop\DivX Movies.lnk [2010.06.07 11:49:55 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.06.07 11:44:57 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.05.31 21:00:13 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2010.05.31 21:00:11 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.05.07 16:40:58 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.05.07 16:34:46 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.24 10:14:21 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.24 10:14:21 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.24 10:14:21 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.24 10:14:21 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.24 10:14:21 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.11 18:43:40 | 000,086,016 | ---- | M] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx [2010.04.04 11:50:49 | 000,000,856 | ---- | M] () -- C:\Users\Bilal\.recently-used.xbel [2010.03.25 10:33:44 | 000,171,752 | ---- | M] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx [2 C:\Users\Bilal\*.tmp files -> C:\Users\Bilal\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.15 22:28:31 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.15 21:18:06 | 000,001,061 | ---- | C] () -- C:\Users\Bilal\Desktop\Revo Uninstaller.lnk [2010.06.15 19:13:46 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.06.14 23:50:27 | 000,010,540 | ---- | C] () -- C:\Users\Bilal\Desktop\Bella Kiss.docx [2010.06.14 10:30:51 | 003,951,960 | ---- | C] () -- C:\Users\Bilal\Desktop\Innate_Forte_-_Showdown_www.Marvin-Vibez.com_.mp3 [2010.06.07 11:49:54 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.06.07 11:44:57 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.05.31 21:00:13 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2010.05.31 21:00:13 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Bilal.job [2010.05.31 21:00:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.05.31 20:54:03 | 000,001,398 | ---- | C] () -- C:\Users\Bilal\Desktop\DivX Movies.lnk [2010.04.04 11:50:49 | 000,000,856 | ---- | C] () -- C:\Users\Bilal\.recently-used.xbel [2010.04.03 10:15:21 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-Bilal-Startup.job [2010.01.30 10:35:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.01.23 19:08:04 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2009.01.23 19:08:04 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.10.24 12:14:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.10.15 19:45:40 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.06.12 08:50:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.06.11 13:54:36 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos.INI [2008.06.11 10:28:49 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini [2008.05.27 08:11:57 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.05.27 08:11:57 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.05.27 08:10:05 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.05.27 07:52:11 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.05.27 07:52:11 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.05.26 12:36:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2010.06.07 19:18:29 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\AllDup [2008.07.26 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Buhl Data Service GmbH [2010.06.07 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.10 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\FreeVideoConverter [2010.04.04 11:50:49 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\gtk-2.0 [2010.06.06 12:20:27 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\ICQ [2008.10.15 19:08:04 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Leadertech [2008.12.02 17:42:11 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Red Alert 3 [2008.09.04 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Samsung [2010.01.26 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\T-Online [2009.06.28 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\temp [2008.08.10 10:15:10 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Template [2010.06.07 19:25:08 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\TuneUp Software [2009.10.28 13:07:14 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Ulead Systems [2010.06.15 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Uniblue [2010.06.15 22:41:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.06.15 22:42:37 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-Bilal-Startup.job [2010.06.15 22:17:20 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{19891C3E-A288-4FCE-B26E-4CCA4D4197F6}.job ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: WS2_32.DLL > [2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll [2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll < End of report > |
/// Selecta Jahrusso ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? IE sollte jetzt wieder gehen. Wenn nicht teile mir das bitte mit Bitte
Bitte poste in Deiner nächsten Antwort Gmer.txt
![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? ich hab es runter geladen und es zeigt mir zum 3mal an das, dass programm einen fehler hat und beendet werden muss danach fährt er den pc automatisch runter. was soll ich machen??? bitte um rückmeldung |
/// Selecta Jahrusso ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? kannst Du mir bitte die genaue Fehlermeldung mitteilen. Rootkitsuche mit SysProt
![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? ich kann das nicht downloaden wenn ich auf den link geh dann unten auf download zeit er mit an die webseite kann nicht angezeigt werden. MFG Bilal |
![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? HAT JETZT DOCH GEKLAPPT ABER MUSS ES TEIELEN WEIL ES ÜBER 100000 ZEICHEN HAT MIT "GMER" MFG BILAL GMER - hxxp://www.gmer.net Rootkit scan 2010-06-18 12:04:44 Windows 6.0.6002 Service Pack 2 Running: oxm7md72.exe; Driver: C:\Users\Bilal\AppData\Local\Temp\kwlcqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x828E32D6] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x828E34C8] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x828E2F44] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x828E36D0] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 209 81EC296C 3 Bytes [D6, 32, 8E] .text ntkrnlpa.exe!KeSetEvent + 20D 81EC2970 3 Bytes [C8, 34, 8E] .text ntkrnlpa.exe!KeSetEvent + 621 81EC2D84 3 Bytes [44, 2F, 8E] .text ntkrnlpa.exe!KeSetEvent + 6E5 81EC2E48 4 Bytes [D0, 36, 8E, 82] .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EC08340, 0x3D9767, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\services.exe[688] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7C, 71] {JL 0x73} .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9A, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [88, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [85, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8E, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A0, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9D, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [91, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [82, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [97, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [94, 71] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [7F, 71] {JG 0x73} .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8B, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7B, 71] {JNP 0x73} .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9A, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [87, 71] |
![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [84, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8D, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9E, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [90, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [81, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [97, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [93, 71] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8A, 71] .text C:\Windows\system32\AUDIODG.EXE[1292] ntdll.dll!NtTestAlert 77C15514 5 Bytes JMP 716F0000 .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\SLsvc.exe[1356] ntdll.dll!NtTestAlert 77C15514 5 Bytes JMP 716F0000 .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71] .text C:\Windows\system32\conime.exe[1632] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A .text C:\Windows\system32\conime.exe[1632] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A .text C:\Windows\system32\conime.exe[1632] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Windows\system32\conime.exe[1632] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\conime.exe[1632] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F] .text C:\Windows\system32\conime.exe[1632] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1792] ntdll.dll!NtTestAlert 77C15514 5 Bytes JMP 716F0000 .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] |
![]() | ![]() Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\Spyware Doctor\pctsSvc.exe[2164] ntdll.dll!NtTestAlert 77C15514 5 Bytes JMP 716F0000 .text C:\Program Files\Spyware Doctor\pctsSvc.exe[2164] kernel32.dll!CreateThread + 1A 77B1C928 4 Bytes CALL 0044BC05 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools) .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtClose + 4 77C14318 2 Bytes [38, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [5B, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [A1, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [44, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [41, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [4A, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [9B, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [61, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [5E, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [4D, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [98, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [3E, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [58, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [55, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [3B, 71] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [47, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7B, 71] {JNP 0x73} .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [99, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [87, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [84, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8D, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9C, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [90, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [81, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [96, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [93, 71] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8A, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9B, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9E, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7B, 71] {JNP 0x73} .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [87, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [84, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8D, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [90, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [81, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [96, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [93, 71] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8A, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9B, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73} .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71] .text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E] |
