VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Proces WmPrvSE.exe neúměrně vytěžuje procesor

https://forum.viry.cz:443/viewtopic.php?t=115019

Stránka 3 z 7

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 02 zář 2011 21:36
od j.benzo
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-02 22:35:21
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: gmer.exe; Driver: C:\Users\Honza\AppData\Local\Temp\pwliafod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F736202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F7387F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F738848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F73895E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F738746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8F738898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F73879A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F73890C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F736226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8F735FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F73624A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F738D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F736CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F738820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F738870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F738988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F738772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F7388D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F7387C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F738936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F736BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F73626E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F736292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F73604A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F736186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F736162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F7361AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F7362B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E3AA398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 2FD 824AE8F4 4 Bytes [02, 62, 73, 8F]
.text ntoskrnl.exe!KeInsertQueue + 3C1 824AE9B8 8 Bytes [F0, 87, 73, 8F, 48, 88, 73, ...] {LOCK XCHG [EBX-0x71], ESI; DEC EAX; MOV [EBX-0x71], DH}
.text ntoskrnl.exe!KeInsertQueue + 3CD 824AE9C4 4 Bytes [5E, 89, 73, 8F] {POP ESI; MOV [EBX-0x71], ESI}
.text ntoskrnl.exe!KeInsertQueue + 3E5 824AE9DC 4 Bytes [46, 87, 73, 8F] {INC ESI; XCHG [EBX-0x71], ESI}
.text ntoskrnl.exe!KeInsertQueue + 405 824AE9FC 8 Bytes [98, 88, 73, 8F, 9A, 87, 73, ...]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 825E4E46 5 Bytes JMP 8E3A5D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 8262E54F 4 Bytes CALL 8F73734B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ObInsertObject 82632A1C 5 Bytes JMP 8E3A77F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 8265C013 4 Bytes CALL 8F737361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 826C9E84 7 Bytes JMP 8E3AA39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\drivers\jqbdgmq.sys Systém nemůže nalézt uvedenou cestu. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D407340, 0x3EE1D7, 0xE8000020]
.text win32k.sys!EngCreateRectRgn + 4537 9981FC80 5 Bytes JMP 8F739440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 99838EA9 5 Bytes JMP 8F739E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 99839C95 5 Bytes JMP 8F739F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 998423F7 5 Bytes JMP 8F738D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 9984334E 5 Bytes JMP 8F739BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3103 9984EA94 5 Bytes JMP 8F739316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 456E 9984FEFF 5 Bytes JMP 8F738F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119C6 99869A35 5 Bytes JMP 8F739180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A1A 99869A89 5 Bytes JMP 8F739326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 99890A8E 5 Bytes JMP 8F739B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 998933ED 5 Bytes JMP 8F738E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 99899D2E 5 Bytes JMP 8F738FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 998A41CC 5 Bytes JMP 8F73A014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 998A70B4 5 Bytes JMP 8F738E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 998C54E5 5 Bytes JMP 8F739D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EEA 998CBBB3 5 Bytes JMP 8F739BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 998CF32A 5 Bytes JMP 8F739CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 998D6C49 5 Bytes JMP 8F738EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 998F51BC 5 Bytes JMP 8F7390AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 998FAA3A 5 Bytes JMP 8F739008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 998FE572 5 Bytes JMP 8F739ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 9991CA97 5 Bytes JMP 8F73903E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D269 999292F1 5 Bytes JMP 8F7390E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9EC5B03F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9EC5B0AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9EC5B0AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 9EC5B130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 9EC5B137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...
? C:\Windows\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !
? C:\Users\Honza\AppData\Local\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[232] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[232] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[232] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[232] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\spoolsv.exe[232] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00080600
.text C:\Windows\System32\spoolsv.exe[232] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\spoolsv.exe[232] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\spoolsv.exe[232] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\spoolsv.exe[232] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\spoolsv.exe[232] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\spoolsv.exe[232] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\spoolsv.exe[232] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00930600
.text C:\Windows\System32\spoolsv.exe[232] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00930804
.text C:\Windows\System32\spoolsv.exe[232] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00930A08
.text C:\Windows\System32\spoolsv.exe[232] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 009301F8
.text C:\Windows\System32\spoolsv.exe[232] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 009303FC
.text C:\Windows\system32\svchost.exe[448] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[448] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[448] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[448] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[448] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[448] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[448] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[448] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[448] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[448] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[448] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[448] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00200600
.text C:\Windows\system32\svchost.exe[448] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00200804
.text C:\Windows\system32\svchost.exe[448] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00200A08
.text C:\Windows\system32\svchost.exe[448] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 002001F8
.text C:\Windows\system32\svchost.exe[448] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 002003FC
.text C:\Windows\system32\csrss.exe[624] KERNEL32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[676] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[676] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[676] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[676] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[676] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[676] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[676] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[676] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[676] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[676] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[676] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[676] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[676] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[688] KERNEL32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\services.exe[720] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[720] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[720] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[720] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[720] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[720] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[720] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[720] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[732] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[732] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[732] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[732] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[732] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[732] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[732] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[732] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[740] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001C01F8
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001C03FC
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ADVAPI32.dll!RegOpenKeyExA 75CD7C42 5 Bytes JMP 00043EEE C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Windows Live Family Safety Service/Microsoft Corporation)
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001E03FC
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 001E0600
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 001E1014
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 001E0804
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 001E0A08
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 001E0C0C
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 001E0E10
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001E01F8
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 001F0600
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 001F0804
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 001F0A08
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001F01F8
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[788] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001F03FC
.text C:\Windows\system32\winlogon.exe[816] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[816] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[816] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001503FC
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00150600
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00151014
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00150804
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00150A08
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00150C0C
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00150E10
.text C:\Windows\system32\winlogon.exe[816] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001501F8
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00160600
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00160804
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!UnhookWindowsHookEx 761598DB 3 Bytes JMP 00160A08
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!UnhookWindowsHookEx + 4 761598DF 1 Byte [8A]
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001601F8
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!UnhookWinEvent 7615C06F 3 Bytes JMP 001603FC
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!UnhookWinEvent + 4 7615C073 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00390600
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00390804
.text C:\Windows\system32\svchost.exe[928] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00390A08
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 003901F8
.text C:\Windows\system32\svchost.exe[928] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 003903FC
.text C:\Windows\system32\nvvsvc.exe[984] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\nvvsvc.exe[984] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\nvvsvc.exe[984] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[984] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00170600
.text C:\Windows\system32\nvvsvc.exe[984] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00170804
.text C:\Windows\system32\nvvsvc.exe[984] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\nvvsvc.exe[984] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\nvvsvc.exe[984] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\nvvsvc.exe[984] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\nvvsvc.exe[984] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00180600
.text C:\Windows\system32\nvvsvc.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\nvvsvc.exe[984] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\nvvsvc.exe[984] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\nvvsvc.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\nvvsvc.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\nvvsvc.exe[984] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00120600
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00120804
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00120A08
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001201F8
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001203FC
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00AB0600
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00AB0804
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00AB0A08
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 00AB01F8
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 00AB03FC
.text C:\Windows\System32\svchost.exe[1132] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00140600
.text C:\Windows\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00140804
.text C:\Windows\System32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00140A08
.text C:\Windows\System32\svchost.exe[1132] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001401F8
.text C:\Windows\System32\svchost.exe[1132] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001403FC
.text C:\Windows\System32\svchost.exe[1160] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1160] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00E80600
.text C:\Windows\System32\svchost.exe[1160] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00E80804
.text C:\Windows\System32\svchost.exe[1160] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00E80A08
.text C:\Windows\System32\svchost.exe[1160] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 00E801F8
.text C:\Windows\System32\svchost.exe[1160] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 00E803FC
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00180600
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\AUDIODG.EXE[1296] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 000E0600
.text C:\Windows\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 000E0804
.text C:\Windows\system32\svchost.exe[1316] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 000E0A08
.text C:\Windows\system32\svchost.exe[1316] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[1316] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000E03FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!CreateServiceA

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 02 zář 2011 21:38
od j.benzo
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1396] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1508] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00130600
.text C:\Windows\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00130804
.text C:\Windows\system32\svchost.exe[1508] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00130A08
.text C:\Windows\system32\svchost.exe[1508] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001301F8
.text C:\Windows\system32\svchost.exe[1508] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001303FC
.text C:\Windows\system32\svchost.exe[1524] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1524] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00CD0600
.text C:\Windows\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00CD0804
.text C:\Windows\system32\svchost.exe[1524] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00CD0A08
.text C:\Windows\system32\svchost.exe[1524] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 00CD01F8
.text C:\Windows\system32\svchost.exe[1524] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 00CD03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 75F1A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1692] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\WLANExt.exe[1692] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\WLANExt.exe[1692] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1692] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WLANExt.exe[1692] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WLANExt.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WLANExt.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WLANExt.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WLANExt.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WLANExt.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WLANExt.exe[1692] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WLANExt.exe[1692] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00080600
.text C:\Windows\system32\WLANExt.exe[1692] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\WLANExt.exe[1692] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\WLANExt.exe[1692] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\WLANExt.exe[1692] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000803FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtCreateFile + 6 7744422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtCreateFile + B 7744422F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtMapViewOfSection + 6 7744497A 1 Byte [28]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtMapViewOfSection + 6 7744497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtMapViewOfSection + B 7744497F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenFile + 6 77444A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenFile + B 77444A0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcess + 6 77444A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcess + B 77444A8F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcessToken + B 77444A9F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcessTokenEx + 6 77444AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenProcessTokenEx + B 77444AAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThread + 6 77444AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThread + B 77444AFF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThreadToken + 6 77444B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThreadToken + B 77444B0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtOpenThreadTokenEx + B 77444B1F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtQueryAttributesFile + 6 77444BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtQueryAttributesFile + B 77444BAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtQueryFullAttributesFile + B 77444C5F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtSetInformationFile + 6 7744513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtSetInformationFile + B 7744513F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtSetInformationThread + 6 7744518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtSetInformationThread + B 7744518F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 1 Byte [68]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] ntdll.dll!NtUnmapViewOfSection + B 7744542F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001401F8
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001403FC
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00160600
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00160804
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] USER32.dll!UnhookWindowsHookEx 761598DB 3 Bytes JMP 00160A08
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] USER32.dll!UnhookWindowsHookEx + 4 761598DF 1 Byte [8A]
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] USER32.dll!UnhookWinEvent 7615C06F 3 Bytes JMP 001603FC
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] USER32.dll!UnhookWinEvent + 4 7615C073 1 Byte [8A]
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00170600
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00171014
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00170804
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00170A08
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00170C0C
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00170E10
.text C:\Program Files\Firebird\bin\fbguard.exe[1752] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[2096] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2096] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2096] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2096] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00370600
.text C:\Windows\system32\svchost.exe[2096] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00370804
.text C:\Windows\system32\svchost.exe[2096] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00370A08
.text C:\Windows\system32\svchost.exe[2096] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 003701F8
.text C:\Windows\system32\svchost.exe[2096] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 003703FC
.text C:\Windows\System32\svchost.exe[2120] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2120] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2120] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2120] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00100600
.text C:\Windows\System32\svchost.exe[2120] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00100804
.text C:\Windows\System32\svchost.exe[2120] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00100A08
.text C:\Windows\System32\svchost.exe[2120] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001001F8
.text C:\Windows\System32\svchost.exe[2120] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001003FC
.text C:\Windows\System32\svchost.exe[2156] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2156] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2156] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2156] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2156] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2156] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2156] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2156] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00170600
.text C:\Windows\System32\svchost.exe[2156] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00170804
.text C:\Windows\System32\svchost.exe[2156] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\svchost.exe[2156] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\svchost.exe[2156] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\svchost.exe[2172] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2172] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2172] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2172] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2172] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2172] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2172] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[2172] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 001E0804
.text C:\Windows\system32\svchost.exe[2172] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 001E0A08
.text C:\Windows\system32\svchost.exe[2172] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001E01F8
.text C:\Windows\system32\svchost.exe[2172] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001E03FC
.text C:\Windows\System32\alg.exe[2180] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\alg.exe[2180] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\alg.exe[2180] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\System32\alg.exe[2180] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\alg.exe[2180] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\alg.exe[2180] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\alg.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\alg.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\alg.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\alg.exe[2180] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\alg.exe[2180] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\alg.exe[2180] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00080600
.text C:\Windows\System32\alg.exe[2180] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00080804
.text C:\Windows\System32\alg.exe[2180] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\alg.exe[2180] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\alg.exe[2180] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000803FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001703FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00170600
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00171014
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00170804
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00170A08
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00170C0C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00170E10
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001701F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00180600
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00180804
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00180A08
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001801F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2196] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2232] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00060600
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00060804
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00060A08
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000601F8
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000603FC
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00080600
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00081014
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00080804
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00080A08
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00080C0C
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2292] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00161014
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00160C0C
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00160E10
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2344] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00161014
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00160C0C
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00160E10
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2368] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\svchost.exe[2408] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2408] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00170600
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00171014
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00170804
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00170A08
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00170C0C
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00170E10
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001701F8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00180600
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00180804
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00180A08
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001801F8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2440] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 002303FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00230600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00231014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00230804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00230A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00230C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00230E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 002301F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00240600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00240804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00240A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 002401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 002403FC
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2564] KERNEL32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2568] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2568] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2568] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00170600
.text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[2568] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00320600
.text C:\Windows\system32\svchost.exe[2568] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00320804
.text C:\Windows\system32\svchost.exe[2568] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00320A08
.text C:\Windows\system32\svchost.exe[2568] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 003201F8
.text C:\Windows\system32\svchost.exe[2568] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 003203FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 00EE03FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00EE0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00EE1014
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00EE0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00EE0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00EE0C0C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00EE0E10
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 00EE01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00EF0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00EF0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00EF0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 00EF01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2612] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 00EF03FC
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00170600
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00170804
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00180600
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00181014
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00180804
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00180A08
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00180C0C
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00180E10
.text C:\Program Files\Launch Manager\HotkeyApp.exe[2624] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00181014
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2636] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 000C0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 000C0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 000C0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000C01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2680] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Launch Manager\OSD.exe[2692] ntdll.dll!LdrLoadDll

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 02 zář 2011 21:41
od j.benzo
.text C:\Program Files\Launch Manager\OSD.exe[2692] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001403FC
.text C:\Program Files\Launch Manager\OSD.exe[2692] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Launch Manager\OSD.exe[2692] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00160600
.text C:\Program Files\Launch Manager\OSD.exe[2692] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00160804
.text C:\Program Files\Launch Manager\OSD.exe[2692] USER32.dll!UnhookWindowsHookEx 761598DB 3 Bytes JMP 00160A08
.text C:\Program Files\Launch Manager\OSD.exe[2692] USER32.dll!UnhookWindowsHookEx + 4 761598DF 1 Byte [8A]
.text C:\Program Files\Launch Manager\OSD.exe[2692] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Launch Manager\OSD.exe[2692] USER32.dll!UnhookWinEvent 7615C06F 3 Bytes JMP 001603FC
.text C:\Program Files\Launch Manager\OSD.exe[2692] USER32.dll!UnhookWinEvent + 4 7615C073 1 Byte [8A]
.text C:\Program Files\Launch Manager\OSD.exe[2692] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Launch Manager\OSD.exe[2692] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00170600
.text C:\Program Files\Launch Manager\OSD.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00171014
.text C:\Program Files\Launch Manager\OSD.exe[2692] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00170804
.text C:\Program Files\Launch Manager\OSD.exe[2692] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00170A08
.text C:\Program Files\Launch Manager\OSD.exe[2692] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00170C0C
.text C:\Program Files\Launch Manager\OSD.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00170E10
.text C:\Program Files\Launch Manager\OSD.exe[2692] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001701F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2732] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00170600
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00170804
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00180600
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00181014
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00180804
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00180A08
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00180C0C
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00180E10
.text C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe[2992] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\wbem\unsecapp.exe[3084] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[3084] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[3084] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3084] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\unsecapp.exe[3084] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[3084] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\wbem\unsecapp.exe[3084] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[3084] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[3084] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\wbem\unsecapp.exe[3084] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\wbem\unsecapp.exe[3084] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[3084] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00090600
.text C:\Windows\system32\wbem\unsecapp.exe[3084] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00090804
.text C:\Windows\system32\wbem\unsecapp.exe[3084] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\wbem\unsecapp.exe[3084] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\wbem\unsecapp.exe[3084] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000903FC
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 002401F8
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 002403FC
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00260600
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00260804
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00260A08
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 002601F8
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 002603FC
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00270600
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00271014
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00270804
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00270A08
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00270C0C
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00270E10
.text C:\Program Files\Firebird\bin\fbserver.exe[3092] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 002701F8
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00180600
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00180804
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001903FC
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00190600
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00191014
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00190804
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00190A08
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00190C0C
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00190E10
.text C:\Program Files\Launch Manager\WisLMSvc.exe[3132] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001901F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3168] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000803FC
.text C:\Windows\RtHDVCpl.exe[3340] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[3340] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[3340] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[3340] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001703FC
.text C:\Windows\RtHDVCpl.exe[3340] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00170600
.text C:\Windows\RtHDVCpl.exe[3340] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00171014
.text C:\Windows\RtHDVCpl.exe[3340] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00170804
.text C:\Windows\RtHDVCpl.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00170A08
.text C:\Windows\RtHDVCpl.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00170C0C
.text C:\Windows\RtHDVCpl.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00170E10
.text C:\Windows\RtHDVCpl.exe[3340] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001701F8
.text C:\Windows\RtHDVCpl.exe[3340] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00190600
.text C:\Windows\RtHDVCpl.exe[3340] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00190804
.text C:\Windows\RtHDVCpl.exe[3340] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00190A08
.text C:\Windows\RtHDVCpl.exe[3340] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001901F8
.text C:\Windows\RtHDVCpl.exe[3340] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001903FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3372] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000803FC
.text C:\Windows\System32\wpcumi.exe[3640] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\wpcumi.exe[3640] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\wpcumi.exe[3640] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\System32\wpcumi.exe[3640] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\wpcumi.exe[3640] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\wpcumi.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\wpcumi.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\wpcumi.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\wpcumi.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\wpcumi.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\wpcumi.exe[3640] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\wpcumi.exe[3640] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00080600
.text C:\Windows\System32\wpcumi.exe[3640] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00080804
.text C:\Windows\System32\wpcumi.exe[3640] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\wpcumi.exe[3640] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\wpcumi.exe[3640] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3748] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00260600
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00260804
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00260A08
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 002601F8
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 002603FC
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00270600
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00271014
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00270804
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00270A08
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00270C0C
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00270E10
.text C:\Program Files\Launch Manager\LaunchAp.exe[3796] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 002701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000401F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000403FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00060600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00061014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00060804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00060A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00060C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00060E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3996] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[4056] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[4056] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[4056] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[4056] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[4056] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[4056] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[4056] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[4056] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[4056] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[4056] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[4056] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[4056] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[4056] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[4056] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[4056] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[4056] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00170600
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00171014
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00170804
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00170A08
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00170C0C
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00170E10
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001701F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00180600
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00180804
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[4064] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001803FC

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 02 zář 2011 21:41
od j.benzo
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 000A0600
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 000A1014
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 000A0804
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 000A0A08
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 000A0C0C
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 000A0E10
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 001B0600
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 001B0804
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 001B0A08
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001B01F8
.text C:\Program Files\Windows Live\Family Safety\fsui.exe[4116] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001B03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00171014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00170C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00170E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4124] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001803FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4140] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtCreateFile + 6 7744422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtCreateFile + B 7744422F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtMapViewOfSection + 6 7744497A 1 Byte [28]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtMapViewOfSection + 6 7744497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtMapViewOfSection + B 7744497F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenFile + 6 77444A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenFile + B 77444A0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenProcess + 6 77444A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenProcess + B 77444A8F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenProcessToken + B 77444A9F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenProcessTokenEx + 6 77444AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenProcessTokenEx + B 77444AAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenThread + 6 77444AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenThread + B 77444AFF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenThreadToken + 6 77444B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenThreadToken + B 77444B0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtOpenThreadTokenEx + B 77444B1F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtQueryAttributesFile + 6 77444BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtQueryAttributesFile + B 77444BAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtQueryFullAttributesFile + B 77444C5F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtSetInformationFile + 6 7744513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtSetInformationFile + B 7744513F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtSetInformationThread + 6 7744518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtSetInformationThread + B 7744518F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 1 Byte [68]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] ntdll.dll!NtUnmapViewOfSection + B 7744542F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000B03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 000B0600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 000B1014
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 000B0804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 000B0A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 000B0C0C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 000B0E10
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 008C0600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 008C0804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 008C0A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 008C01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4272] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 008C03FC
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001A03FC
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 001A0600
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 001A1014
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 001A0804
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 001A0A08
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 001A0C0C
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 001A0E10
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001A01F8
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 001B0600
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 001B0804
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 001B0A08
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001B01F8
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4280] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001B03FC
.text C:\Windows\explorer.exe[4328] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00171014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4580] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\notepad.exe[4668] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4700] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001801F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtCreateFile + 6 7744422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtCreateFile + B 7744422F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtMapViewOfSection + 6 7744497A 1 Byte [28]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtMapViewOfSection + 6 7744497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtMapViewOfSection + B 7744497F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenFile + 6 77444A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenFile + B 77444A0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcess + 6 77444A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcess + B 77444A8F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcessToken + B 77444A9F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcessTokenEx + 6 77444AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcessTokenEx + B 77444AAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThread + 6 77444AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThread + B 77444AFF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThreadToken + 6 77444B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThreadToken + B 77444B0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThreadTokenEx + B 77444B1F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtQueryAttributesFile + 6 77444BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtQueryAttributesFile + B 77444BAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtQueryFullAttributesFile + B 77444C5F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtSetInformationFile + 6 7744513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtSetInformationFile + B 7744513F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtSetInformationThread + 6 7744518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtSetInformationThread + B 7744518F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 1 Byte [68]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtUnmapViewOfSection + B 7744542F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\Explorer.exe[5096] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.exe[5096] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.exe[5096] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\Explorer.exe[5096] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.exe[5096] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.exe[5096] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.exe[5096] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.exe[5096] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.exe[5096] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.exe[5096] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.exe[5096] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.exe[5096] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.exe[5096] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.exe[5096] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.exe[5096] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.exe[5096] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[5192] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[5192] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[5192] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00170600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00170804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00170A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001701F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001703FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00181014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5680] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\rundll32.exe[5764] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtCreateFile + 6 7744422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtCreateFile + B 7744422F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtMapViewOfSection + 6 7744497A 1 Byte [28]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtMapViewOfSection + 6 7744497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtMapViewOfSection + B 7744497F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenFile + 6 77444A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenFile + B 77444A0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcess + 6 77444A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcess + B 77444A8F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcessToken + B 77444A9F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcessTokenEx + 6 77444AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcessTokenEx + B 77444AAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThread + 6 77444AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThread + B 77444AFF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadToken + 6 77444B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadToken + B 77444B0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadTokenEx + B 77444B1F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryAttributesFile + 6 77444BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryAttributesFile + B 77444BAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryFullAttributesFile + B 77444C5F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationFile + 6 7744513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationFile + B 7744513F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationThread + 6 7744518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationThread + B 7744518F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 1 Byte [68]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtUnmapViewOfSection + B 7744542F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[5800] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 000803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] ntdll.dll!LdrLoadDll 774093A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] ntdll.dll!LdrUnloadDll 7741B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] kernel32.dll!GetBinaryTypeW + 70 75F42467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] ADVAPI32.dll!CreateServiceW 75CE9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] ADVAPI32.dll!DeleteService 75CEA07E 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] ADVAPI32.dll!SetServiceObjectSecurity 75D26CD9 5 Bytes JMP 00181014
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] ADVAPI32.dll!ChangeServiceConfigA 75D26DD9 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] ADVAPI32.dll!ChangeServiceConfigW 75D26F81 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] ADVAPI32.dll!ChangeServiceConfig2A 75D27099 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] ADVAPI32.dll!ChangeServiceConfig2W 75D271E1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] ADVAPI32.dll!CreateServiceA 75D272A1 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 00190600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 00190804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 00190A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] USER32.dll!SetWinEventHook 76159F3A 5 Bytes JMP 001901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5936] USER32.dll!UnhookWinEvent 7615C06F 5 Bytes JMP 001903FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[720] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000D0002
IAT C:\Windows\system32\services.exe[720] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000D0000
IAT C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1712] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4216] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74107817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [7415A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7410BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [740FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [741075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [740FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74138395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7410DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [740FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [740FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [740F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7418CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7412C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [740FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [740F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [740F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4328] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74102AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4864] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [74107817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [7415A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7410BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [740FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [741075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [740FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74138395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7410DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [740FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [740FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [740F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7418CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7412C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [740FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [740F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [740F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5096] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74102AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[5776] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641dc9892
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641dc9892@44f459de8090 0x6E 0x6A 0x71 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641dc9892 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641dc9892@44f459de8090 0x6E 0x6A 0x71 0xCF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL 9C96A233B2752E744B1883B26313033B94E5FA832F4C06887586831A101A21A673B38862B3A9ACDE26C137D62BCAA85D90171929EBF2BBA3C73082819FC50D876C38CB4348B6E44BF12EDFEB2BB620BABA1E9B7C96F3F9617A627372ECA69B49F37FF5550A6F8255810A954D72493517E8974650528247CD874BE85BCECFAEE1CAEB07402868E5F8F70663F9A4B6E319C327511CD994DE5A3D20E44CB519DDA883E0EE4DE2F9A41BCED94615787BDF4DCB7368FCF665ADDA4098E3FAA11FF55D0547156992C28600D2BCB2E438538BA1CF272CB28BF45987FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CBA7FD869164D6794A6171C11EC38DE3D57C47BF3243FBD9CEA948BE6828EDFA9F5B93BA55415E9E50A09EA7E5617B2E61F799BAC1AA5379EA6DFCF3D455FDE0CF92F348AA63D93FE0FD41CC796F09F6B7F1C511A2053694B6424ADC38C6672900069085FAA5EADA9AF5973A8F343A70EBC7B4559FB1FF2E9EDA37B91B0BBF349F4BBDC526BF1F15E229C020AD109FDD0F1EE98AD032124A4E12585E29DB871281CFE4B3A0CB34A7B6B274F7CA57D8C1B89505E7FA1B9030C31720C1854FD2F080C8EE08FC023D6C16984542EFA236D36457C1B585609C993215B43B5676D22A3B0C81D6F5204EAD
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 02 zář 2011 21:42
od j.benzo
:roll: nechápu jak se v tom můžeš vyznat.

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 02 zář 2011 21:45
od chodnik74
:arrow: Stáhneme a spustíme SystemLook

http://jpshortstuff.247fixes.com/SystemLook.exe

Do okna vložíme následující script a stiskneme tlačítko Look

Kód: Vybrat vše

:filefind
WmPrvSE.exe
:arrow: Po dokončení se nám otevře log,který mi zkopírujte sem

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 02 zář 2011 22:12
od j.benzo
SystemLook 30.07.11 by jpshortstuff
Log created at 23:14 on 02/09/2011 by Honza
Administrator - Elevation successful

========== filefind ==========

Searching for "WmPrvSE.exe"
No files found.

-= EOF =-

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 03 zář 2011 07:35
od chodnik74
Dobré ránko :)

zkusíme AVPTool dle návodu: http://www.viry.cz/forum/viewtopic.php?t=58179

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 03 zář 2011 08:38
od j.benzo
OK jdu na to.
Teď mě napadlo. Při kontrole GMER jsem měl zafajfkovaný pouze disk C a D jsem neoznačil. Nebude ti chybět tato kontrola?

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 03 zář 2011 08:42
od chodnik74
po AVPtool mi uděláte sken s jednotkou D: :)

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 03 zář 2011 13:28
od j.benzo
Log z AVPTool-žádný
Nic nenalezeno.

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 04 zář 2011 15:57
od chodnik74
Pokračujeme dále...Až ve vám ukáže proces WmPrvSE.exe,tak mi prosím udělejte screen :)


:arrow: Stáhneme a spustíme SystemLook

http://jpshortstuff.247fixes.com/SystemLook.exe

Do okna vložíme následující script a stiskneme tlačítko Look

Kód: Vybrat vše

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}

:filefind
p.exe
:arrow: Po dokončení se nám otevře log,který mi zkopírujte sem


:arrow: Stáhněte program RogueKiller
  • Spuste program
  • Stiskněte klávesu 2 a enter
  • Objeví se vám log a ten sem vložte
  • Stějně tak opakujte s volbou 3 a 4 a vložte logy

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 04 zář 2011 19:09
od j.benzo
SystemLook 30.07.11 by jpshortstuff
Log created at 20:09 on 04/09/2011 by Honza
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}]
(Unable to open key - key not found)

========== filefind ==========

Searching for "p.exe"
No files found.

-= EOF =-

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 04 zář 2011 19:12
od j.benzo
RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Honza [Admin rights]
Mode: Remove -- Date : 09/04/2011 20:14:46

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

Napsal: 04 zář 2011 19:12
od j.benzo
RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Honza [Admin rights]
Mode: HOSTSFix -- Date : 09/04/2011 20:15:36

Bad processes: 0

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Všechny časy jsou v UTC+01:00
Stránka 3 z 7

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz