The executable rthdcpl.exe is responsible for launching and running the Realtek HD Audio utility, a control panel for the sound card driver. The process starts together with the system and stays active the whole time. Increased resource consumption by the rthdcpl.exe process is related to an incorrect driver installation or a virus infection.
Method 1: Manipulating the Realtek HD Audio drivers
Most of the time, high CPU load from the rthdcpl.exe process is caused by the installed version of the Realtek HD Audio drivers. You can therefore fix it by updating or rolling back that component, as follows:
- Open "Start" and select "Control Panel".
- For convenience, switch the view mode to "Large icons".
Once that is done, look for the item "Device Manager" and open it.
- In "Device Manager", click the entry "Sound, video and game controllers". In the list that opens, find "Realtek High Definition Audio", select it and choose "Properties".
- In the properties, open the "Driver" tab and press "Update".
Next, choose "Search automatically for updated driver software" and wait for the system to find and install the latest version of the software.
- If you already have the latest drivers installed, it is worth trying a rollback. To do this, on the "Driver" tab press the "Roll Back" button.
Confirm the driver rollback by clicking "Yes".
- After updating or rolling back the drivers, restart your computer.
The steps described above will most likely fix rthdcpl.exe problems, but only if the file in question is not affected by a virus infection.
Method 2: Eliminating the virus threat
Because the Realtek HD Audio control panel is technically a user program, the likelihood of malware infecting or impersonating the executable is very high. Determining the location of the EXE file is pointless in this case, because the location of installed program components is initially chosen by the user. The only sign of infection is that the Realtek driver manipulations described in Method 1 have no effect. There are many ways to clean a system of viruses, and it is not easy to choose a suitable procedure for a specific case, so see our general disinfection tips.
More information: Fighting virus threats
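One additional check that fits this step, given as an added example that is not part of the original article: inspect the Authenticode signature and hash of every running rthdcpl.exe image. It assumes PowerShell 4.0 or later; the expected signer substring "Realtek" is an assumption, and a "needs review" result is a prompt for a closer look, not proof of infection.

```powershell
# Added example (not from the original article).
# Assumption: a genuine copy is Authenticode-signed and the signer
# subject contains "Realtek". Adjust to match your driver package.
$expectedSigner = 'Realtek'

$procs = Get-Process -Name 'rthdcpl' -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Output 'No running rthdcpl.exe process found.'
    return
}

# A process may expose no Path if the current user lacks access to it;
# run from an elevated prompt to see all of them.
$paths = $procs | Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

foreach ($path in $paths) {
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = Get-FileHash -Path $path -Algorithm SHA256

    $subject = ''
    if ($sig.SignerCertificate) {
        $subject = $sig.SignerCertificate.Subject
    }

    # "Valid" means the signature chains to a trusted root and the
    # file has not been modified since it was signed.
    $verdict = 'needs review'
    if ($sig.Status -eq 'Valid' -and $subject -like "*$expectedSigner*") {
        $verdict = 'signed by expected vendor'
    }

    [pscustomobject]@{
        Path            = $path
        SignatureStatus = $sig.Status
        Signer          = $subject
        SHA256          = $hash.Hash
        Verdict         = $verdict
    }
}
```

The SHA256 value can be submitted to the antivirus vendor or compared against the file shipped in the original driver package.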
Conclusion:
In summary, cases of rthdcpl.exe infection are less common than problems caused by badly installed drivers.
Hijack Hunter 1.8.4.1
Log created on 1/29/2011 at 9:48:22 PM
[+] Generic system info
Operating System: Microsoft Windows XP Service Pack 3 32-bit
Build Version: 2600.xpsp.080413-2111
Internet Explorer: 8.0.6001.18702
System Folder: C:\WINDOWS\system32