Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? (https://www.trojaner-board.de/87183-virus-anti-malware-doktor-ueberpruefe-vollstaendige-loeschung.html)

Bilal1988 15.06.2010 14:58
Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung?
 
hallo Marvin_1980

ich hab genau das selbe problem gehabt wie du dann hab ich auch das programm Malwarebytes' Anti-Malware installiert bei mir ist der virus weg so wie es aussieht zumindest seh ich nichts mehr in der leiste aber irgend wie kann ich mein internet explorer nicht mehr öffnen, wenn ich es öffne ist da einfach nur ein weißer leerer bildschirm ich kann nur noch über firefox ins internet kann mir bitte bitte jemand weiter helfen???

Larusso 15.06.2010 16:28
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs


Bitte poste in Deiner nächsten Antwort
OTL.txt
Extras.txt

Bilal1988 15.06.2010 17:40
OTL Logfile:
Code:
OTL logfile created on: 15.06.2010 18:34:38 - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Users\Bilal\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 278,53 Gb Free Space | 62,49% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,02 Gb Free Space | 55,14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BILAL-PC
Current User Name: Bilal
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Downloads\OTL.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.26 10:20:22 | 000,056,680 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2010.05.07 16:40:06 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.04.16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.01.29 15:42:51 | 000,105,616 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Home\Meine Software\meine software.exe
PRC - [2010.01.28 23:34:01 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.01.27 21:41:29 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2008.06.03 18:36:42 | 000,095,232 | ---- | M] (CyberLink) -- C:\Windows\System32\CLWatson.exe
PRC - [2008.06.03 18:36:24 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe
PRC - [2008.05.29 22:41:50 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.11 15:55:48 | 000,937,984 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.28 16:12:14 | 000,330,240 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe
PRC - [2007.08.24 08:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.08.24 04:45:42 | 000,101,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007.02.12 15:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Downloads\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.07 19:25:42 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.01.27 21:41:29 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010.01.25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.02.25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008.05.07 19:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.02 22:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.05.30 20:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.09 15:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2005.09.29 19:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005.08.10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57300
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1
FF - prefs.js..extensions.enabledItems: {4b897551-0a2b-4159-99e7-3cd721caec78}:2.5.8.6
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.28 17:50:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.13 22:26:23 | 000,000,000 | ---D | M]
 
[2010.01.26 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Extensions
[2010.06.15 14:10:59 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions
[2010.06.15 14:10:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.01 18:44:24 | 000,000,000 | ---D | M] (References.TV Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{4b897551-0a2b-4159-99e7-3cd721caec78}
[2010.03.10 16:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.07 19:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.07 19:20:23 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.04.22 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\firefox@tvunetworks.com
[2010.06.15 14:10:40 | 000,001,819 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\bing.xml
[2010.06.07 19:20:35 | 000,000,873 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\conduit.xml
[2010.06.15 14:11:01 | 000,000,950 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\icqplugin-1.xml
[2010.06.09 20:50:47 | 000,000,947 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\icqplugin.xml
[2010.06.07 19:22:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.03.15 15:56:14 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Games Bar 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\meine software.lnk = C:\Programme\T-Home\Meine Software\meine software.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell - "" = AutoRun
O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 04:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.15 15:12:46 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\Uniblue
[2010.06.15 15:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.06.15 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\Malwarebytes
[2010.06.15 14:58:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.15 14:58:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.15 14:58:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.15 14:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.15 13:51:18 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Local\Windows Server
[2010.06.15 13:51:16 | 000,000,000 | -HSD | C] -- C:\Users\Bilal\AppData\Roaming\lowsec
[2010.06.15 13:50:52 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03
[2010.06.07 19:38:43 | 000,000,000 | ---D | C] -- C:\Programme\phenomedia
[2010.06.07 19:25:43 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.06.07 19:25:43 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.06.07 19:25:43 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.06.07 19:25:08 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\TuneUp Software
[2010.06.07 19:25:02 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.06.07 19:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.06.07 19:24:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.07 19:23:42 | 000,000,000 | -H-D | C] -- C:\Users\Bilal\PP_MOTION.TMP
[2010.06.07 19:23:40 | 000,000,000 | ---D | C] -- C:\Users\Bilal\CyberLink
[2010.06.07 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\CyberLink
[2010.06.07 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\ARADump
[2010.06.07 19:23:35 | 000,000,000 | -H-D | C] -- C:\Users\Bilal\PP_ROTATE_SLIDE.TMP
[2010.06.07 19:22:32 | 000,000,000 | ---D | C] -- C:\Programme\Search Settings
[2010.06.07 19:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Dealio Toolbar
[2010.06.07 19:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2010.06.07 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\FreeVideoConverter
[2010.06.07 19:21:59 | 000,000,000 | ---D | C] -- C:\Programme\Free Video Converter
[2010.06.07 19:20:25 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.06.07 19:20:23 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.07 19:20:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\DVDVideoSoft
[2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.06.07 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\AllDup
[2010.06.07 19:10:26 | 002,344,880 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.2.1.ocx
[2010.06.07 19:10:26 | 001,000,992 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\System32\TList8.ocx
[2010.06.07 19:10:26 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx
[2010.06.07 19:10:26 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx
[2010.06.07 19:10:26 | 000,085,696 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSplitter.ocx
[2010.06.07 19:10:26 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSubclass.dll
[2010.06.07 19:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AllDup
[2010.06.07 19:10:25 | 000,000,000 | ---D | C] -- C:\Programme\AllDup
[2010.06.07 19:06:18 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Desktop\Download Programme
[2010.05.31 21:15:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010.05.31 21:00:10 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.05.31 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.05.31 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.20 18:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games
[2010.05.20 18:27:52 | 000,000,000 | ---D | C] -- C:\Programme\DEUTSCHLAND SPIELT
[2010.05.20 18:27:39 | 000,000,000 | ---D | C] -- C:\Programme\OXXOGames
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.25 20:32:08 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\ICQ
[2010.04.20 22:14:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx
[2010.04.08 16:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.08 16:49:14 | 000,000,000 | ---D | C] -- C:\Programme\Games_Bar_1
[2010.04.04 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\gtk-2.0
[2010.04.04 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Bilal\.thumbnails
[2010.04.04 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\gegl-0.0
[2010.04.04 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\.gimp-2.6
[2010.04.04 11:44:05 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2010.04.03 10:23:44 | 000,000,000 | ---D | C] -- C:\Programme\Wise Disk Cleaner
[2010.04.03 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2010.04.03 10:15:02 | 000,000,000 | ---D | C] -- C:\Programme\Fighters
[2010.02.15 19:56:51 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2 C:\Users\Bilal\*.tmp files -> C:\Users\Bilal\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.15 18:36:03 | 003,145,728 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT
[2010.06.15 18:21:42 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Bilal-Startup.job
[2010.06.15 18:20:45 | 000,007,592 | ---- | M] () -- C:\Users\Bilal\AppData\Local\d3d9caps.dat
[2010.06.15 18:20:42 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.15 18:20:35 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.15 18:20:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.15 18:20:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.15 18:20:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.15 18:20:27 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.15 17:50:22 | 000,524,288 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.15 17:50:22 | 000,065,536 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.15 17:50:11 | 003,262,813 | -H-- | M] () -- C:\Users\Bilal\AppData\Local\IconCache.db
[2010.06.15 16:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.14 23:50:29 | 000,003,162 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\wklnhst.dat
[2010.06.14 23:50:27 | 000,010,540 | ---- | M] () -- C:\Users\Bilal\Desktop\Bella Kiss.docx
[2010.06.14 19:33:47 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{19891C3E-A288-4FCE-B26E-4CCA4D4197F6}.job
[2010.06.14 10:30:52 | 003,951,960 | ---- | M] () -- C:\Users\Bilal\Desktop\Innate_Forte_-_Showdown_www.Marvin-Vibez.com_.mp3
[2010.06.13 21:24:58 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Bilal.job
[2010.06.13 10:45:37 | 000,462,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.08 09:24:37 | 000,142,976 | ---- | M] () -- C:\Users\Bilal\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.07 19:49:27 | 000,091,136 | ---- | M] () -- C:\Users\Bilal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.07 11:52:10 | 000,001,398 | ---- | M] () -- C:\Users\Bilal\Desktop\DivX Movies.lnk
[2010.06.07 11:49:55 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.06.07 11:44:57 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.31 21:00:13 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.05.31 21:00:11 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.05.07 16:40:58 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.05.07 16:34:46 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.24 10:14:21 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.24 10:14:21 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.24 10:14:21 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.24 10:14:21 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.24 10:14:21 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.13 22:26:24 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.04.11 18:43:40 | 000,086,016 | ---- | M] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx
[2010.04.04 11:50:49 | 000,000,856 | ---- | M] () -- C:\Users\Bilal\.recently-used.xbel
[2010.03.25 10:33:44 | 000,171,752 | ---- | M] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx
[2 C:\Users\Bilal\*.tmp files -> C:\Users\Bilal\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.14 23:50:27 | 000,010,540 | ---- | C] () -- C:\Users\Bilal\Desktop\Bella Kiss.docx
[2010.06.14 10:30:51 | 003,951,960 | ---- | C] () -- C:\Users\Bilal\Desktop\Innate_Forte_-_Showdown_www.Marvin-Vibez.com_.mp3
[2010.06.07 11:49:54 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.06.07 11:44:57 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.31 21:00:13 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.05.31 21:00:13 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Bilal.job
[2010.05.31 21:00:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.05.31 20:54:03 | 000,001,398 | ---- | C] () -- C:\Users\Bilal\Desktop\DivX Movies.lnk
[2010.04.04 11:50:49 | 000,000,856 | ---- | C] () -- C:\Users\Bilal\.recently-used.xbel
[2010.04.03 10:15:21 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-Bilal-Startup.job
[2010.01.30 10:35:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.23 19:08:04 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.01.23 19:08:04 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.10.24 12:14:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.15 19:45:40 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.06.12 08:50:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.11 13:54:36 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos.INI
[2008.06.11 10:28:49 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2008.05.27 08:11:57 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.05.27 08:11:57 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.05.27 08:10:05 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.05.27 07:52:11 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.05.27 07:52:11 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.05.26 12:36:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.06.07 19:18:29 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\AllDup
[2008.07.26 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Buhl Data Service GmbH
[2010.06.07 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.15 15:05:35 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03
[2010.06.10 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\FreeVideoConverter
[2010.04.04 11:50:49 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\gtk-2.0
[2010.06.06 12:20:27 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\ICQ
[2008.10.15 19:08:04 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Leadertech
[2010.06.15 14:52:33 | 000,000,000 | -HSD | M] -- C:\Users\Bilal\AppData\Roaming\lowsec
[2008.12.02 17:42:11 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Red Alert 3
[2008.09.04 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Samsung
[2010.01.26 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\T-Online
[2009.06.28 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\temp
[2008.08.10 10:15:10 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Template
[2010.06.07 19:25:08 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\TuneUp Software
[2009.10.28 13:07:14 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Ulead Systems
[2010.06.15 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Uniblue
[2010.06.15 17:50:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.15 18:21:42 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-Bilal-Startup.job
[2010.06.14 19:33:47 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{19891C3E-A288-4FCE-B26E-4CCA4D4197F6}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.05.26 14:52:01 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.06.15 18:20:27 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2008.05.27 07:54:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.05.27 07:54:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.06.15 18:20:26 | 3533,127,680 | -HS- | M] () -- C:\pagefile.sys
[2010.01.26 19:32:49 | 000,000,427 | ---- | M] () -- C:\TO_InstallLog.txt
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs >
< End of report >
--- --- ---

Bilal1988 15.06.2010 17:46
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.06.2010 18:41:59 - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Users\Bilal\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 277,84 Gb Free Space | 62,33% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,02 Gb Free Space | 55,14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BILAL-PC
Current User Name: Bilal
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Telekom Fotoservice] -- "C:\Program Files\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5E16DC47-D205-4C3F-B575-BD69BE5C16CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9B16966D-8D48-4D35-8601-98813F9F374B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DC892DA5-1B13-4F97-890B-40A818A489CF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F5E728-7C20-4088-9576-4A7400E34F77}" = protocol=6 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{0A972E19-4102-4028-8E9D-989761DE841D}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{10B40C44-9545-48F3-8E5B-8FFDF12B7920}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{1247EC03-416C-43A6-BE6A-DA79F59E2EF5}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{27504290-C2D5-43D7-B94A-B638F414C069}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{33DC2FEC-4BDF-4454-A991-C7FD4FB786D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{38675879-E6E3-4CCB-9152-1D81D6701139}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{405BAA7A-5D76-4EA5-B643-1D7069FA3B1C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{40D7386A-4B92-4E77-9B8C-926493495229}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{4C86442F-D973-48D2-A31E-42FC69AD0907}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{5056AC5D-1262-484A-B44C-380F3D70AB34}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{5D197E05-0E75-4803-B724-0A4852D2AF9E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{5EBF3F45-9D4F-4692-8F8C-2C07CEB0CF65}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{5F8B1396-C3C8-41D8-A8A4-4688DEF88C03}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{6D546FAD-F735-45EB-9BA6-D701E211351D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{714F11E8-DD01-4C3B-B26E-34751DCBF7BE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{76F71244-D405-4542-906D-2A4095421B49}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{95A90A0B-10D7-4C98-A858-4D331C1D3B8C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{9F6700FE-9205-4A77-9E8F-2166DC360AB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ABCCEC0B-658B-41EF-B5FA-D2766587E4A7}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{B211E0F4-F5D4-4BD6-88B0-F93F66B08C5A}" = protocol=17 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{B68CCB56-F9B4-4C94-AA56-277682AD988C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BB297C6B-2984-4D63-915D-664B6EE3F0AD}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{BEDA288E-57C3-45E6-91DA-CA5AAEEDD473}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C28CA879-C5D7-4217-AEF5-223036E7413D}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{C8F4645C-C31D-4A1A-ADD0-3BFAB47B6D06}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{CDF25EED-406E-44B4-8901-C3BF8E2DFB8C}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{D95B8B97-B347-4567-9E0A-A3541876E324}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EA3E73CF-3AC5-4D59-A3E7-D842C9B48A3D}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{F0B8CBBF-4E61-4F24-BD3F-601ED459024C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{FE4F939F-45A8-48EB-91C0-46F7A390AB2F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FF1A608B-4328-4B6A-AF40-92563505E0F2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"TCP Query User{2CF9C666-4609-466C-B8B9-0083A08AEB32}C:\users\bilal\desktop\pes2009.exe" = protocol=6 | dir=in | app=c:\users\bilal\desktop\pes2009.exe |
"TCP Query User{6B1CE62E-075B-4EAF-9910-9908612B57D0}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe |
"TCP Query User{A0CC8D63-ADE4-4744-9D10-4CB73EDCE181}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D911D2B7-B4D7-47E0-952D-7FCCFFEFCCE6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{EDBF380F-8505-4321-B131-36ED3EAEC327}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1470936D-AE4F-44FC-A8BA-3C936857A9C7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{1654793B-D1D3-4DF1-88E3-2793E9BD832C}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe |
"UDP Query User{26535369-06E8-4959-92E5-0728E8C65238}C:\users\bilal\desktop\pes2009.exe" = protocol=17 | dir=in | app=c:\users\bilal\desktop\pes2009.exe |
"UDP Query User{63DEF288-96E6-4C05-9ED3-F1614922F8D9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D0B7033C-F79C-4020-BF05-71F60D075717}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{048DB452-C8B0-4A8D-89AF-84A6B149E1EE}" = Meine Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BDE0CF4C-8DE2-41DB-A845-78D48874E2C6}" = SLOW-PCfighter
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D6782F44-58DB-4DE5-A65C-890320CF3F99}" = Prince of Persia The Two Thrones
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AllDup_is1" = AllDup 3.0.2
"avast!" = avast! Antivirus
"Das Reich des Drachen" = Das Reich des Drachen
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Video Converter_is1" = Free Video Converter V 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Games_Bar_1 Toolbar" = Games_Bar_1 Toolbar
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0)" = Mozilla Firefox (3.0)
"Mystery P.I. – The Vegas Heist" = Mystery P.I. – The Vegas Heist
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SLOW-PCfighter" = SLOW-PCfighter
"Telekom Fotoservice" = Telekom Fotoservice
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.2
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 15.03.2010 18:43:21 | Computer Name = Bilal-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Bilal\AppData\Local\Google\Google Desktop\ea2e27f9b326\uinfo.dat failed,
 00000005. 
 
[ Application Events ]
Error - 25.05.2010 06:31:14 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.05.2010 09:14:18 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.05.2010 09:39:22 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a,  Prozess-ID 0xbbc, Anwendungsstartzeit
 01cafc0f9926d380.
 
Error - 25.05.2010 09:49:09 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a,  Prozess-ID 0x17f8,
Anwendungsstartzeit 01cafc0fb004dc50.
 
Error - 25.05.2010 09:49:40 | Computer Name = Bilal-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18904 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 1190  Anfangszeit: 01cafc0c26b63960  Zeitpunkt
 der Beendigung: 11
 
Error - 25.05.2010 15:26:04 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.05.2010 16:54:07 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul IEShims.dll, Version 8.0.6001.18904, Zeitstempel
 0x4b8376f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00021e16,  Prozess-ID 0xcf0,
Anwendungsstartzeit 01cafc4c6a802710.
 
Error - 26.05.2010 04:38:30 | Computer Name = Bilal-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.05.2010 06:42:17 | Computer Name = Bilal-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000675ff,  Prozess-ID 0x1304, Anwendungsstartzeit
 01cafcbedb1de620.
 
Error - 26.05.2010 09:18:58 | Computer Name = Bilal-PC | Source = ESENT | ID = 215
Description = wlcomm (5084) C:\Users\Bilal\AppData\Local\Microsoft\Windows Live
Contacts\{20fc84b8-d7f6-4ee4-9ddf-76725d18ba40}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
[ System Events ]
Error - 15.06.2010 09:31:25 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 15.06.2010 09:31:25 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 15.06.2010 09:31:59 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 15.06.2010 09:31:59 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 15.06.2010 09:31:59 | Computer Name = Bilal-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 15.06.2010 12:20:10 | Computer Name = Bilal-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.
 
Error - 15.06.2010 12:20:10 | Computer Name = Bilal-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 15.06.2010 12:22:09 | Computer Name = Bilal-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 15.06.2010 12:22:09 | Computer Name = Bilal-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.06.2010 12:22:09 | Computer Name = Bilal-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---

Larusso 15.06.2010 20:00
Schritt 1

Software mit Revo Uninstaller deinstallieren

Downloade Dir bitte den Revo Uninstaller
  • Doppelklick auf die revosetup.exe.
  • Installiere das Tool in den vorgegebenen Pfad.
  • Doppelklick auf das Revo Uninstall Icon.
  • Suche Dir nun folgende Software aus der Code-Box.
    Code:
    Search Settings v1.2.3
    DVDVideoSoftTB Toolbar
    Dealio Toolbar
    Games Bar 1 Toolbar
    Klicke darauf und bestätige mit Ja.
  • Belasse die Einstellung der Deinstallationsroutine auf Moderat und klicke auf weiter.
  • Das Tool wird nun nach allen Einträgen auf dem Rechner suchen. Klick auf weiter
  • Klick auf den Markiere alle Button und klick auf löschen und bestätige mit Ja.

Bebilderte Anleitung


Schritt 2

Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan)

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
  • Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
  • Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
  • Aktiviere "Quick-Scan durchführen" => Scan.
  • Wenn der Scan beendet ist, klicke auf "Ergebnisse anzeigen".
  • Bei Funden in C:\System Volume Information den Haken entfernen.
    Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
    Er könnte jedoch trotz Malware noch gebraucht werden.
  • Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
  • Berichte, wie der Rechner nun läuft.



Schritt 3
Code:
:OTL
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
[2010.06.07 19:20:23 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Games Bar 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Programme\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.)
O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell - "" = AutoRun
O33 - MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
[2010.06.15 13:51:16 | 000,000,000 | -HSD | C] -- C:\Users\Bilal\AppData\Roaming\lowsec
[2010.06.15 13:50:52 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03
[2010.06.07 19:22:32 | 000,000,000 | ---D | C] -- C:\Programme\Search Settings
[2010.06.07 19:22:28 | 000,000,000 | ---D | C] -- C:\Programme\Dealio Toolbar
[2010.06.07 19:20:25 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.06.07 19:20:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\DVDVideoSoft
[2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.04.08 16:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.08 16:49:14 | 000,000,000 | ---D | C] -- C:\Programme\Games_Bar_1
:services
:files
:reg
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=Dword:00000000
"ProxyServer"=""
:Commands
[purity]
[emptytemp]
[reboot]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 4

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
/md5start
user32.dll
ws2_32.dll
/md5stop


Bitte poste in Deiner nächsten Antwort
Log von MBAM
Log von OTLFix
OTL.txt

Bilal1988 15.06.2010 21:36
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4201

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

15.06.2010 22:35:26
mbam-log-2010-06-15 (22-35-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132744
Laufzeit: 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Bilal\AppData\Local\Temp\scmroewnxa.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

Bilal1988 15.06.2010 21:44
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found.
File C:\Programme\Games_Bar_1\tbGame.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Programme\Search Settings\SearchSettings.dll not found.
C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\searchplugin folder moved successfully.
C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\META-INF folder moved successfully.
C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\lib folder moved successfully.
C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\defaults folder moved successfully.
C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components folder moved successfully.
C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome folder moved successfully.
C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found.
File C:\Programme\Games_Bar_1\tbGame.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Programme\Search Settings\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found.
File C:\Programme\Games_Bar_1\tbGame.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}\ not found.
File C:\Programme\Games_Bar_1\tbGame.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Programme\Search Settings\SearchSettings.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5734ef6-010d-11de-9963-0015af5855f8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5734ef6-010d-11de-9963-0015af5855f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5734ef6-010d-11de-9963-0015af5855f8}\ not found.
File K:\LaunchU3.exe not found.
C:\Users\Bilal\AppData\Roaming\lowsec folder moved successfully.
C:\Users\Bilal\AppData\Roaming\E0B048B4C0008FA5EA948BBAC4FB6C03 folder moved successfully.
Folder C:\Programme\Search Settings\ not found.
Folder C:\Programme\Dealio Toolbar\ not found.
Folder C:\Programme\DVDVideoSoftTB\ not found.
C:\Users\Bilal\Documents\DVDVideoSoft\Temp folder moved successfully.
C:\Users\Bilal\Documents\DVDVideoSoft\FreeYouTubeToMP3Converter folder moved successfully.
C:\Users\Bilal\Documents\DVDVideoSoft folder moved successfully.
C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter folder moved successfully.
C:\Programme\DVDVideoSoft\Free Audio CD Burner folder moved successfully.
Folder move failed. C:\Programme\DVDVideoSoft scheduled to be moved on reboot.
C:\Programme\Common Files\DVDVideoSoft\TB folder moved successfully.
C:\Programme\Common Files\DVDVideoSoft\Dll folder moved successfully.
C:\Programme\Common Files\DVDVideoSoft folder moved successfully.
C:\Programme\Conduit\Community Alerts folder moved successfully.
Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot.
Folder C:\Programme\Games_Bar_1\ not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|Dword:00000000 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bilal
->Temp folder emptied: 3815203 bytes
->Temporary Internet Files folder emptied: 1156312036 bytes
->Java cache emptied: 1575232 bytes
->FireFox cache emptied: 50748829 bytes
->Google Chrome cache emptied: 7309217 bytes
->Flash cache emptied: 1050 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3223368 bytes
RecycleBin emptied: 1384 bytes

Total Files Cleaned = 1.166,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06152010_224043

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\DVDVideoSoft scheduled to be moved on reboot.
Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JET648C.tmp not found!

Registry entries deleted on Reboot...

Bilal1988 15.06.2010 21:49
OTL Logfile:
Code:
OTL logfile created on: 15.06.2010 22:45:26 - Run 2
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Users\Bilal\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 280,26 Gb Free Space | 62,87% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,02 Gb Free Space | 55,14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BILAL-PC
Current User Name: Bilal
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Desktop\OTL.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.26 10:20:22 | 000,056,680 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2010.05.07 16:40:06 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.01.29 15:42:51 | 000,105,616 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Home\Meine Software\meine software.exe
PRC - [2010.01.28 23:34:01 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.01.27 21:41:29 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2008.06.03 18:36:42 | 000,095,232 | ---- | M] (CyberLink) -- C:\Windows\System32\CLWatson.exe
PRC - [2008.06.03 18:36:24 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe
PRC - [2008.05.29 22:41:50 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.11 15:55:48 | 000,937,984 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.28 16:12:14 | 000,330,240 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe
PRC - [2007.08.24 08:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.08.24 04:45:42 | 000,101,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007.02.12 15:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Desktop\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.07 19:25:42 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.01.27 21:41:29 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010.01.25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.02.25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008.05.07 19:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.02 22:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.05.30 20:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.09 15:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2005.09.29 19:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005.08.10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1
FF - prefs.js..extensions.enabledItems: {4b897551-0a2b-4159-99e7-3cd721caec78}:2.5.8.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.28 17:50:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.15 19:13:46 | 000,000,000 | ---D | M]
 
[2010.01.26 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Extensions
[2010.06.15 22:43:10 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions
[2010.06.15 14:10:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.01 18:44:24 | 000,000,000 | ---D | M] (References.TV Toolbar) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{4b897551-0a2b-4159-99e7-3cd721caec78}
[2010.03.10 16:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.07 19:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.22 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\mozilla\Firefox\Profiles\llkfgiu3.default\extensions\firefox@tvunetworks.com
[2010.06.15 14:10:40 | 000,001,819 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\bing.xml
[2010.06.07 19:20:35 | 000,000,873 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\conduit.xml
[2010.06.15 14:11:01 | 000,000,950 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\icqplugin-1.xml
[2010.06.09 20:50:47 | 000,000,947 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\Mozilla\FireFox\Profiles\llkfgiu3.default\searchplugins\icqplugin.xml
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.03.15 15:56:14 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\meine software.lnk = C:\Programme\T-Home\Meine Software\meine software.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.15 22:40:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.15 21:18:05 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2010.06.15 19:13:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.06.15 19:13:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.15 18:30:23 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Bilal\Desktop\OTL.exe
[2010.06.15 15:12:46 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\Uniblue
[2010.06.15 15:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.06.15 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\Malwarebytes
[2010.06.15 14:58:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.15 14:58:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.15 14:58:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.15 14:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.15 13:51:18 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Local\Windows Server
[2010.06.07 19:38:43 | 000,000,000 | ---D | C] -- C:\Programme\phenomedia
[2010.06.07 19:25:43 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.06.07 19:25:43 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.06.07 19:25:43 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.06.07 19:25:08 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\TuneUp Software
[2010.06.07 19:25:02 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.06.07 19:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.06.07 19:24:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.07 19:23:42 | 000,000,000 | -H-D | C] -- C:\Users\Bilal\PP_MOTION.TMP
[2010.06.07 19:23:40 | 000,000,000 | ---D | C] -- C:\Users\Bilal\CyberLink
[2010.06.07 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\CyberLink
[2010.06.07 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\ARADump
[2010.06.07 19:23:35 | 000,000,000 | -H-D | C] -- C:\Users\Bilal\PP_ROTATE_SLIDE.TMP
[2010.06.07 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\FreeVideoConverter
[2010.06.07 19:21:59 | 000,000,000 | ---D | C] -- C:\Programme\Free Video Converter
[2010.06.07 19:20:23 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.07 19:20:14 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.06.07 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\AllDup
[2010.06.07 19:10:26 | 002,344,880 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.2.1.ocx
[2010.06.07 19:10:26 | 001,000,992 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\System32\TList8.ocx
[2010.06.07 19:10:26 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx
[2010.06.07 19:10:26 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx
[2010.06.07 19:10:26 | 000,085,696 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSplitter.ocx
[2010.06.07 19:10:26 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSubclass.dll
[2010.06.07 19:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AllDup
[2010.06.07 19:10:25 | 000,000,000 | ---D | C] -- C:\Programme\AllDup
[2010.06.07 19:06:18 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Desktop\Download Programme
[2010.05.31 21:15:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.05.31 21:00:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010.05.31 21:00:10 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.05.31 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.05.31 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.20 18:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games
[2010.05.20 18:27:52 | 000,000,000 | ---D | C] -- C:\Programme\DEUTSCHLAND SPIELT
[2010.05.20 18:27:39 | 000,000,000 | ---D | C] -- C:\Programme\OXXOGames
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.25 20:32:08 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\ICQ
[2010.04.20 22:14:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx
[2010.04.08 16:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.04 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Bilal\AppData\Roaming\gtk-2.0
[2010.04.04 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Bilal\.thumbnails
[2010.04.04 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\Documents\gegl-0.0
[2010.04.04 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Bilal\.gimp-2.6
[2010.04.04 11:44:05 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2010.04.03 10:23:44 | 000,000,000 | ---D | C] -- C:\Programme\Wise Disk Cleaner
[2010.04.03 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2010.04.03 10:15:02 | 000,000,000 | ---D | C] -- C:\Programme\Fighters
[2010.02.15 19:56:51 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2 C:\Users\Bilal\*.tmp files -> C:\Users\Bilal\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.15 22:47:55 | 003,145,728 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT
[2010.06.15 22:42:37 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Bilal-Startup.job
[2010.06.15 22:42:30 | 000,007,592 | ---- | M] () -- C:\Users\Bilal\AppData\Local\d3d9caps.dat
[2010.06.15 22:42:26 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.15 22:42:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.15 22:42:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.15 22:42:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.15 22:42:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.15 22:42:13 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.15 22:41:30 | 000,524,288 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.15 22:41:30 | 000,065,536 | -HS- | M] () -- C:\Users\Bilal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.15 22:28:31 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.15 22:17:20 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{19891C3E-A288-4FCE-B26E-4CCA4D4197F6}.job
[2010.06.15 21:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.15 21:24:26 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Bilal.job
[2010.06.15 21:18:06 | 000,001,061 | ---- | M] () -- C:\Users\Bilal\Desktop\Revo Uninstaller.lnk
[2010.06.15 19:13:46 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.15 18:30:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bilal\Desktop\OTL.exe
[2010.06.15 17:50:11 | 003,262,813 | -H-- | M] () -- C:\Users\Bilal\AppData\Local\IconCache.db
[2010.06.14 23:50:29 | 000,003,162 | ---- | M] () -- C:\Users\Bilal\AppData\Roaming\wklnhst.dat
[2010.06.14 23:50:27 | 000,010,540 | ---- | M] () -- C:\Users\Bilal\Desktop\Bella Kiss.docx
[2010.06.14 10:30:52 | 003,951,960 | ---- | M] () -- C:\Users\Bilal\Desktop\Innate_Forte_-_Showdown_www.Marvin-Vibez.com_.mp3
[2010.06.13 10:45:37 | 000,462,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.08 09:24:37 | 000,142,976 | ---- | M] () -- C:\Users\Bilal\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.07 19:49:27 | 000,091,136 | ---- | M] () -- C:\Users\Bilal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.07 11:52:10 | 000,001,398 | ---- | M] () -- C:\Users\Bilal\Desktop\DivX Movies.lnk
[2010.06.07 11:49:55 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.06.07 11:44:57 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.31 21:00:13 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.05.31 21:00:11 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.05.07 16:40:58 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.05.07 16:34:46 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.24 10:14:21 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.24 10:14:21 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.24 10:14:21 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.24 10:14:21 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.24 10:14:21 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.11 18:43:40 | 000,086,016 | ---- | M] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx
[2010.04.04 11:50:49 | 000,000,856 | ---- | M] () -- C:\Users\Bilal\.recently-used.xbel
[2010.03.25 10:33:44 | 000,171,752 | ---- | M] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx
[2 C:\Users\Bilal\*.tmp files -> C:\Users\Bilal\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.15 22:28:31 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.15 21:18:06 | 000,001,061 | ---- | C] () -- C:\Users\Bilal\Desktop\Revo Uninstaller.lnk
[2010.06.15 19:13:46 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.14 23:50:27 | 000,010,540 | ---- | C] () -- C:\Users\Bilal\Desktop\Bella Kiss.docx
[2010.06.14 10:30:51 | 003,951,960 | ---- | C] () -- C:\Users\Bilal\Desktop\Innate_Forte_-_Showdown_www.Marvin-Vibez.com_.mp3
[2010.06.07 11:49:54 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.06.07 11:44:57 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.31 21:00:13 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.05.31 21:00:13 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Bilal.job
[2010.05.31 21:00:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010.05.31 20:54:03 | 000,001,398 | ---- | C] () -- C:\Users\Bilal\Desktop\DivX Movies.lnk
[2010.04.04 11:50:49 | 000,000,856 | ---- | C] () -- C:\Users\Bilal\.recently-used.xbel
[2010.04.03 10:15:21 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-Bilal-Startup.job
[2010.01.30 10:35:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.23 19:08:04 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.01.23 19:08:04 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.10.24 12:14:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.15 19:45:40 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.06.12 08:50:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.11 13:54:36 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos.INI
[2008.06.11 10:28:49 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2008.05.27 08:11:57 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.05.27 08:11:57 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.05.27 08:10:05 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.05.27 07:52:11 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.05.27 07:52:11 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.05.26 12:36:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.06.07 19:18:29 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\AllDup
[2008.07.26 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Buhl Data Service GmbH
[2010.06.07 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.10 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\FreeVideoConverter
[2010.04.04 11:50:49 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\gtk-2.0
[2010.06.06 12:20:27 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\ICQ
[2008.10.15 19:08:04 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Leadertech
[2008.12.02 17:42:11 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Red Alert 3
[2008.09.04 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Samsung
[2010.01.26 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\T-Online
[2009.06.28 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\temp
[2008.08.10 10:15:10 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Template
[2010.06.07 19:25:08 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\TuneUp Software
[2009.10.28 13:07:14 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Ulead Systems
[2010.06.15 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Bilal\AppData\Roaming\Uniblue
[2010.06.15 22:41:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.15 22:42:37 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-Bilal-Startup.job
[2010.06.15 22:17:20 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{19891C3E-A288-4FCE-B26E-4CCA4D4197F6}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: WS2_32.DLL  >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
< End of report >
--- --- ---

Larusso 16.06.2010 14:47
IE sollte jetzt wieder gehen. Wenn nicht teile mir das bitte mit


Bitte
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter
    (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Gmer ist geeignet für => NT/W2K/XP/VISTA.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf "Save" und speichere das Log als "Gmer.txt" auf dem Desktop, Mit "Ok" wird Gmer beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Bitte poste in Deiner nächsten Antwort
Gmer.txt

Bilal1988 17.06.2010 08:56
ich hab es runter geladen und es zeigt mir zum 3mal an das, dass programm einen fehler hat und beendet werden muss danach fährt er den pc automatisch runter.

was soll ich machen???

bitte um rückmeldung

Larusso 17.06.2010 14:27
kannst Du mir bitte die genaue Fehlermeldung mitteilen.

Rootkitsuche mit SysProt
  • Lade dir SysProt auf den Desktop und starte das Tool
  • Gehe dort auf den Reiter "Log"
  • Setze nun einen Haken bei:
    • Kernel Modules
    • Kernel Hooks
    • Hidden Files
    • Und unten bei "Hidden Objects Only"
  • Drücke nun auf "Create Log"
  • Es erscheint nach einem kurzen Scan die ein Dialogfenster. Wähle dort "Scan All Drives"
  • Wenn der Scan abgeschlossen ist, beende SysProt.
  • Poste den gesamten Inhalt der "SysProtLog.txt", die auf dem Desktop zu finden ist.

Bilal1988 18.06.2010 10:53
ich kann das nicht downloaden wenn ich auf den link geh dann unten auf download zeit er mit an die webseite kann nicht angezeigt werden.

MFG Bilal

Bilal1988 18.06.2010 11:16
HAT JETZT DOCH GEKLAPPT ABER MUSS ES TEIELEN WEIL ES ÜBER 100000 ZEICHEN HAT MIT "GMER" MFG BILAL


GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-18 12:04:44
Windows 6.0.6002 Service Pack 2
Running: oxm7md72.exe; Driver: C:\Users\Bilal\AppData\Local\Temp\kwlcqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x828E32D6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x828E34C8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x828E2F44]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x828E36D0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 209 81EC296C 3 Bytes [D6, 32, 8E]
.text ntkrnlpa.exe!KeSetEvent + 20D 81EC2970 3 Bytes [C8, 34, 8E]
.text ntkrnlpa.exe!KeSetEvent + 621 81EC2D84 3 Bytes [44, 2F, 8E]
.text ntkrnlpa.exe!KeSetEvent + 6E5 81EC2E48 4 Bytes [D0, 36, 8E, 82]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EC08340, 0x3D9767, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[584] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[652] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[688] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[960] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7C, 71] {JL 0x73}
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9A, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [88, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [85, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8E, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A0, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9D, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [91, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [82, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [97, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [94, 71]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [7F, 71] {JG 0x73}
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8B, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9A, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [87, 71]

Bilal1988 18.06.2010 11:24
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [84, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8D, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9E, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [90, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [81, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [97, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [93, 71]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8A, 71]
.text C:\Windows\system32\AUDIODG.EXE[1292] ntdll.dll!NtTestAlert 77C15514 5 Bytes JMP 716F0000
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\SLsvc.exe[1356] ntdll.dll!NtTestAlert 77C15514 5 Bytes JMP 716F0000
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1484] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\IoctlSvc.exe[1552] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Windows\system32\conime.exe[1632] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\conime.exe[1632] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\conime.exe[1632] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\conime.exe[1632] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conime.exe[1632] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Windows\system32\conime.exe[1632] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1792] ntdll.dll!NtTestAlert 77C15514 5 Bytes JMP 716F0000
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1992] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\PnkBstrA.exe[2068] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]

Bilal1988 18.06.2010 11:25
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2164] ntdll.dll!NtTestAlert 77C15514 5 Bytes JMP 716F0000
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2164] kernel32.dll!CreateThread + 1A 77B1C928 4 Bytes CALL 0044BC05 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtClose + 4 77C14318 2 Bytes [38, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [5B, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [A1, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [44, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [41, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [4A, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [9B, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [61, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [5E, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [4D, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [98, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [3E, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [58, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [55, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [3B, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [47, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [99, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [87, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [84, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8D, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9C, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [90, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [81, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [96, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [93, 71]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2296] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8A, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9B, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9E, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2424] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [87, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [84, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8D, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [90, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [81, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [96, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [93, 71]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2444] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8A, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9B, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2504] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73}
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[2764] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[2840] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:38 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131