Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Proces WmPrvSE.exe neúměrně vytěžuje procesor

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
j.benzo
Návštěvník
Návštěvník
Příspěvky: 89
Registrován: 15 srp 2010 18:58

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#61 Příspěvek od j.benzo »

Tak přeci jenom :happy:

ComboFix 11-09-04.03 - Honza 04.09.2011 23:28:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2045.1028 [GMT 2:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-04 do 2011-09-04 )))))))))))))))))))))))))))))))
.
.
2011-09-04 21:39 . 2011-09-04 21:57 -------- d-----w- c:\users\Honza\AppData\Local\temp
2011-09-04 21:39 . 2011-09-04 21:39 -------- d-----w- c:\users\Péťa\AppData\Local\temp
2011-09-04 21:39 . 2011-09-04 21:39 -------- d-----w- c:\users\OPLAYE7\AppData\Local\temp
2011-09-04 21:39 . 2011-09-04 21:39 -------- d-----w- c:\users\Honzík\AppData\Local\temp
2011-09-04 21:39 . 2011-09-04 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-03 08:14 . 2011-09-03 08:14 -------- d-----w- c:\programdata\Kaspersky Lab
2011-09-02 07:14 . 2011-09-02 07:14 -------- d-----w- c:\users\Honza\AppData\Roaming\Malwarebytes
2011-09-02 07:13 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-02 07:13 . 2011-09-02 07:13 -------- d-----w- c:\programdata\Malwarebytes
2011-09-02 07:13 . 2011-09-02 07:14 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-02 07:13 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-02 07:11 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23D384A1-0881-4335-87B2-E129A1027AAE}\mpengine.dll
2011-09-01 15:15 . 2011-09-01 15:15 512 -c--a-w- C:\PhysicalMBR.bin
2011-08-31 17:56 . 2011-08-31 17:56 -------- dc----w- c:\program files\Microsoft IntelliPoint
2011-08-31 17:53 . 2011-08-31 17:53 -------- dc----w- c:\program files\Common Files\Java
2011-08-31 16:12 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-31 16:12 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-31 16:12 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-31 16:12 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-31 16:12 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-31 16:12 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-31 16:11 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-31 16:11 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-31 16:10 . 2011-08-31 16:10 -------- dc----w- c:\program files\AVAST Software
2011-08-31 16:10 . 2011-08-31 16:10 -------- d-----w- c:\programdata\AVAST Software
2011-08-31 08:21 . 2011-08-31 17:01 -------- dc----w- c:\program files\FileHippo.com
2011-08-31 06:47 . 2011-09-01 08:52 -------- dc----w- c:\program files\trend micro
2011-08-31 06:47 . 2011-08-31 06:48 -------- dc----w- C:\rsit
2011-08-30 21:35 . 2011-08-31 16:21 -------- dc----w- c:\program files\Spybot - Search & Destroy
2011-08-30 21:06 . 2011-08-30 21:06 -------- dc----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2011-08-30 21:06 . 2011-08-30 21:06 -------- dc----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2011-08-30 21:06 . 2011-08-30 21:06 -------- dc----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-08-30 21:02 . 2011-08-31 16:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-30 21:00 . 2011-08-30 21:01 -------- d-----w- c:\users\Honza\AppData\Roaming\GetRightToGo
2011-08-30 19:37 . 2011-08-30 19:37 -------- dc----w- C:\$AVG
2011-08-24 16:55 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-10 07:06 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 07:06 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 07:06 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 07:05 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 07:05 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 07:05 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-07 07:39 . 2011-08-07 07:39 -------- d-----w- c:\programdata\AVS4YOU
2011-08-07 07:39 . 2011-08-07 07:39 -------- d-----w- c:\users\Honza\AppData\Roaming\AVS4YOU
2011-08-07 07:36 . 2010-11-19 07:47 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-08-07 07:36 . 2010-11-19 07:47 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-08-07 07:35 . 2011-08-07 07:37 -------- dc----w- c:\program files\Common Files\AVSMedia
2011-08-07 07:35 . 2011-08-07 07:37 -------- dc----w- c:\program files\AVS4YOU
2011-08-07 07:35 . 2010-06-22 07:43 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-08-06 21:07 . 2011-08-06 21:18 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2011-08-06 21:07 . 2011-08-06 21:07 -------- dc----w- c:\program files\Pinnacle
2011-08-06 21:07 . 2011-08-06 21:07 -------- dc----w- c:\program files\Common Files\Yahoo!
2011-08-06 21:03 . 2011-08-06 21:03 -------- d-----w- c:\programdata\Pinnacle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 17:51 . 2010-12-19 22:25 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-17 19:08 . 2011-05-18 17:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-01 13:56 . 2011-08-01 13:56 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-08-01 13:56 . 2011-08-01 13:56 40936 ----a-w- c:\windows\system32\drivers\point32.sys
2011-08-01 13:56 . 2011-08-01 13:56 395624 ----a-w- c:\windows\system32\ipcoin82.dll
2011-08-01 13:56 . 2011-08-01 13:56 21784 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-07-30 06:49 . 2011-07-30 06:49 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-21 21:23 . 2011-06-21 21:23 389136 ----a-w- c:\windows\system32\FTBSaver.scr
2011-06-16 20:29 . 2011-04-15 17:08 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-07-15 17:34 . 2011-03-23 21:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2007-03-28 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-22 2049320]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R1 mailKmd;mailKmd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-08-27 30312]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2009-12-08 437888]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 8456]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-08-27 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-08-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-08-27 121576]
R3 SWNC8U00;Sierra Wireless MUX NDIS Driver (UMTS00);c:\windows\system32\DRIVERS\swnc8u00.sys [2007-03-12 102272]
R3 SWUMX00;Sierra Wireless USB MUX Driver (UMTS00);c:\windows\system32\DRIVERS\swumx00.sys [2007-03-12 72576]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\bin\fbguard.exe [2007-12-11 65536]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 ScrybeUpdater;Aktualizátor aplikace Scrybe;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-01-14 1294848]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-07-10 328992]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe [2007-12-11 1531989]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 NETwLv32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 13312]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-18 16896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3961242829-2454810961-2216918179-1000Core.job
- c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 06:15]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3961242829-2454810961-2216918179-1000UA.job
- c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 06:15]
.
2011-08-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 13:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\9mc55dld.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-04 23:56
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4000)
c:\program files\TeamViewer\Version6\tv_w32.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Celkový čas: 2011-09-05 00:02:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-04 22:02
ComboFix2.txt 2011-09-02 19:24
.
Před spuštěním: 9 043 058 688
Po spuštění: 9 084 911 616
.
- - End Of File - - 89405F591364DBF1CAA92640BF991961
Nahoru
j.benzo
Návštěvník
Návštěvník
Příspěvky: 89
Registrován: 15 srp 2010 18:58

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#62 Příspěvek od j.benzo »

Ještě GMER Déčka

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-05 00:29:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: gmer.exe; Driver: C:\Users\Honza\AppData\Local\Temp\pwliafod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E730202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E7327F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E732848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E73295E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E732746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E732898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E73279A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E73290C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E730226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E72FFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E73024A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E732D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E730CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E732820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E732870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E732988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E732772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E7328D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E7327C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E732936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E730BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E73026E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E730292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E73004A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E730186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E730162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E7301AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E7302B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D798398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 2FD 824B88F4 4 Bytes [02, 02, 73, 8E] {ADD AL, [EDX]; JAE 0xffffffffffffff92}
.text ntoskrnl.exe!KeInsertQueue + 3C1 824B89B8 8 Bytes [F0, 27, 73, 8E, 48, 28, 73, ...]
.text ntoskrnl.exe!KeInsertQueue + 3CD 824B89C4 4 Bytes [5E, 29, 73, 8E] {POP ESI; SUB [EBX-0x72], ESI}
.text ntoskrnl.exe!KeInsertQueue + 3E5 824B89DC 4 Bytes [46, 27, 73, 8E] {INC ESI; DAA ; JAE 0xffffffffffffff92}
.text ntoskrnl.exe!KeInsertQueue + 405 824B89FC 8 Bytes [98, 28, 73, 8E, 9A, 27, 73, ...]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 825EEE46 5 Bytes JMP 8D793D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 8263854F 4 Bytes CALL 8E73134B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ObInsertObject 8263CA1C 5 Bytes JMP 8D7957F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 82666013 4 Bytes CALL 8E731361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 826D3E84 7 Bytes JMP 8D79839C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C80E340, 0x3EE1D7, 0xE8000020]
.text win32k.sys!EngCreateRectRgn + 4537 98C9FC80 5 Bytes JMP 8E733440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 98CB8EA9 5 Bytes JMP 8E733E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 98CB9C95 5 Bytes JMP 8E733F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 98CC23F7 5 Bytes JMP 8E732D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 98CC334E 5 Bytes JMP 8E733BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3103 98CCEA94 5 Bytes JMP 8E733316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 456E 98CCFEFF 5 Bytes JMP 8E732F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119C6 98CE9A35 5 Bytes JMP 8E733180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A1A 98CE9A89 5 Bytes JMP 8E733326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 98D10A8E 5 Bytes JMP 8E733B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 98D133ED 5 Bytes JMP 8E732E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 98D19D2E 5 Bytes JMP 8E732FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 98D241CC 5 Bytes JMP 8E734014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 98D270B4 5 Bytes JMP 8E732E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 98D454E5 5 Bytes JMP 8E733D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EEA 98D4BBB3 5 Bytes JMP 8E733BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 98D4F32A 5 Bytes JMP 8E733CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 98D56C49 5 Bytes JMP 8E732EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 98D751BC 5 Bytes JMP 8E7330AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 98D7AA3A 5 Bytes JMP 8E733008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 98D7E572 5 Bytes JMP 8E733ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 98D9CA97 5 Bytes JMP 8E73303E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D269 98DA92F1 5 Bytes JMP 8E7330E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9F05A03F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9F05A0AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9F05A0AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 9F05A130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 9F05A137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...
? C:\ComboFix\catchme.sys Systém nemůže nalézt uvedenou cestu. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Firebird\bin\fbguard.exe[12] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Firebird\bin\fbguard.exe[12] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001403FC
.text C:\Program Files\Firebird\bin\fbguard.exe[12] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Firebird\bin\fbguard.exe[12] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00160600
.text C:\Program Files\Firebird\bin\fbguard.exe[12] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00160804
.text C:\Program Files\Firebird\bin\fbguard.exe[12] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00160A08
.text C:\Program Files\Firebird\bin\fbguard.exe[12] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Firebird\bin\fbguard.exe[12] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Firebird\bin\fbguard.exe[12] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Firebird\bin\fbguard.exe[12] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00170600
.text C:\Program Files\Firebird\bin\fbguard.exe[12] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Firebird\bin\fbguard.exe[12] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Firebird\bin\fbguard.exe[12] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Firebird\bin\fbguard.exe[12] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Firebird\bin\fbguard.exe[12] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Firebird\bin\fbguard.exe[12] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Firebird\bin\fbserver.exe[156] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 002401F8
.text C:\Program Files\Firebird\bin\fbserver.exe[156] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 002403FC
.text C:\Program Files\Firebird\bin\fbserver.exe[156] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Firebird\bin\fbserver.exe[156] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00260600
.text C:\Program Files\Firebird\bin\fbserver.exe[156] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00260804
.text C:\Program Files\Firebird\bin\fbserver.exe[156] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00260A08
.text C:\Program Files\Firebird\bin\fbserver.exe[156] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 002601F8
.text C:\Program Files\Firebird\bin\fbserver.exe[156] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 002603FC
.text C:\Program Files\Firebird\bin\fbserver.exe[156] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Firebird\bin\fbserver.exe[156] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00270600
.text C:\Program Files\Firebird\bin\fbserver.exe[156] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00271014
.text C:\Program Files\Firebird\bin\fbserver.exe[156] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00270804
.text C:\Program Files\Firebird\bin\fbserver.exe[156] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00270A08
.text C:\Program Files\Firebird\bin\fbserver.exe[156] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00270C0C
.text C:\Program Files\Firebird\bin\fbserver.exe[156] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00270E10
.text C:\Program Files\Firebird\bin\fbserver.exe[156] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 002701F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001501F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001503FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 002703FC
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00270600
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00271014
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00270804
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00270A08
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00270C0C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00270E10
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 002701F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00280600
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00280804
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00280A08
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 002801F8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[304] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 002803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[316] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[400] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[400] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[400] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[400] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[400] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[400] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[400] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[400] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[400] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[400] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[400] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\csrss.exe[540] KERNEL32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ADVAPI32.dll!RegOpenKeyExA 77257C42 5 Bytes JMP 001A3EEE C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Windows Live Family Safety Service/Microsoft Corporation)
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[580] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wininit.exe[588] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[588] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[588] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[588] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[588] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[588] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[588] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[588] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[600] KERNEL32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\services.exe[632] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[632] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[632] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\services.exe[632] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[632] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[632] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[632] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[632] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[632] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[632] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[632] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[632] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[632] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[644] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[644] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[644] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[644] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[644] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsm.exe[656] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\lsm.exe[656] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\lsm.exe[656] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[656] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\lsm.exe[656] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\lsm.exe[656] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\lsm.exe[656] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\lsm.exe[656] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\lsm.exe[656] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\lsm.exe[656] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\lsm.exe[656] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[728] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 000A0600
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 000A0804
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 000A0A08
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000A01F8
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001503FC
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00180600
.text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00180804
.text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001903FC
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00190600
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00191014
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00190804
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00190A08
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00190C0C
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00190E10
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00760600
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00760804
.text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00760A08
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 007601F8
.text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 007603FC
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 006A0600
.text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 006A0804
.text C:\Windows\System32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 006A0A08
.text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 006A01F8
.text C:\Windows\System32\svchost.exe[972] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 006A03FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1004] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00810600
.text C:\Windows\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00810804
.text C:\Windows\System32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx
Nahoru
j.benzo
Návštěvník
Návštěvník
Příspěvky: 89
Registrován: 15 srp 2010 18:58

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#63 Příspěvek od j.benzo »

.text C:\Windows\System32\svchost.exe[1080] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 008101F8
.text C:\Windows\System32\svchost.exe[1080] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 008103FC
.text C:\Windows\system32\svchost.exe[1092] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 005303FC
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00530600
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00531014
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00530804
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00530A08
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00530C0C
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00530E10
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 005301F8
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00570600
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00570804
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00570A08
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 005701F8
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 005703FC
.text C:\Windows\system32\AUDIODG.EXE[1220] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00740600
.text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00740804
.text C:\Windows\system32\svchost.exe[1236] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00740A08
.text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 007401F8
.text C:\Windows\system32\svchost.exe[1236] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 007403FC
.text C:\Windows\system32\rundll32.exe[1384] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000601F8
.text C:\Windows\system32\rundll32.exe[1384] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000603FC
.text C:\Windows\system32\rundll32.exe[1384] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\rundll32.exe[1384] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00080600
.text C:\Windows\system32\rundll32.exe[1384] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\rundll32.exe[1384] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\rundll32.exe[1384] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\rundll32.exe[1384] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\rundll32.exe[1384] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000903FC
.text C:\Windows\system32\rundll32.exe[1384] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00090600
.text C:\Windows\system32\rundll32.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00091014
.text C:\Windows\system32\rundll32.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00090804
.text C:\Windows\system32\rundll32.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00090A08
.text C:\Windows\system32\rundll32.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00090C0C
.text C:\Windows\system32\rundll32.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00090E10
.text C:\Windows\system32\rundll32.exe[1384] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1428] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1428] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1428] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00650600
.text C:\Windows\system32\svchost.exe[1428] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00650804
.text C:\Windows\system32\svchost.exe[1428] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00650A08
.text C:\Windows\system32\svchost.exe[1428] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 006501F8
.text C:\Windows\system32\svchost.exe[1428] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 006503FC
.text C:\Windows\system32\svchost.exe[1444] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1444] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1444] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00320600
.text C:\Windows\system32\svchost.exe[1444] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00320804
.text C:\Windows\system32\svchost.exe[1444] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00320A08
.text C:\Windows\system32\svchost.exe[1444] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 003201F8
.text C:\Windows\system32\svchost.exe[1444] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 003203FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000701F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000703FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtCreateFile + 6 77C1422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtCreateFile + B 77C1422F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + 6 77C1497A 1 Byte [28]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + 6 77C1497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtMapViewOfSection + B 77C1497F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenFile + 6 77C14A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenFile + B 77C14A0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcess + 6 77C14A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcess + B 77C14A8F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessToken + 6 77C14A9A 4 Bytes CALL 76C150A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessToken + B 77C14A9F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessTokenEx + 6 77C14AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenProcessTokenEx + B 77C14AAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThread + 6 77C14AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThread + B 77C14AFF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadToken + 6 77C14B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadToken + B 77C14B0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadTokenEx + 6 77C14B1A 4 Bytes CALL 76C15121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtOpenThreadTokenEx + B 77C14B1F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryAttributesFile + 6 77C14BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryAttributesFile + B 77C14BAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryFullAttributesFile + 6 77C14C5A 4 Bytes CALL 76C1525F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtQueryFullAttributesFile + B 77C14C5F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationFile + 6 77C1513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationFile + B 77C1513F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationThread + 6 77C1518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtSetInformationThread + B 77C1518F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 1 Byte [68]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ntdll.dll!NtUnmapViewOfSection + B 77C1542F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 000A0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 000A0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 000A0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000A01F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000A03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000B03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 000B0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 000B1014
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 000B0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 000B0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 000B0C0C
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 000B0E10
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000B01F8
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1596] kernel32.dll!SetUnhandledExceptionFilter 763BA8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1596] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1612] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\WLANExt.exe[1612] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\WLANExt.exe[1612] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\WLANExt.exe[1612] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00180600
.text C:\Windows\system32\WLANExt.exe[1612] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00180804
.text C:\Windows\system32\WLANExt.exe[1612] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\WLANExt.exe[1612] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\WLANExt.exe[1612] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\svchost.exe[1716] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1716] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1716] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1716] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1716] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1716] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1716] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 006A0600
.text C:\Windows\System32\svchost.exe[1716] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 006A0804
.text C:\Windows\System32\svchost.exe[1716] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 006A0A08
.text C:\Windows\System32\svchost.exe[1716] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 006A01F8
.text C:\Windows\System32\svchost.exe[1716] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 006A03FC
.text C:\Windows\System32\svchost.exe[1728] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1728] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1728] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1732] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 001803FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000701F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000703FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtCreateFile + 6 77C1422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtCreateFile + B 77C1422F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtMapViewOfSection + 6 77C1497A 1 Byte [28]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtMapViewOfSection + 6 77C1497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtMapViewOfSection + B 77C1497F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenFile + 6 77C14A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenFile + B 77C14A0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcess + 6 77C14A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcess + B 77C14A8F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcessToken + 6 77C14A9A 4 Bytes CALL 76C150A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcessToken + B 77C14A9F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcessTokenEx + 6 77C14AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenProcessTokenEx + B 77C14AAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThread + 6 77C14AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThread + B 77C14AFF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThreadToken + 6 77C14B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThreadToken + B 77C14B0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThreadTokenEx + 6 77C14B1A 4 Bytes CALL 76C15121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtOpenThreadTokenEx + B 77C14B1F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryAttributesFile + 6 77C14BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryAttributesFile + B 77C14BAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryFullAttributesFile + 6 77C14C5A 4 Bytes CALL 76C1525F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryFullAttributesFile + B 77C14C5F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtSetInformationFile + 6 77C1513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtSetInformationFile + B 77C1513F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtSetInformationThread + 6 77C1518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtSetInformationThread + B 77C1518F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 1 Byte [68]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtUnmapViewOfSection + B 77C1542F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 000A0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 000A0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 000A0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000A01F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000A03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000B03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 000B0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 000B1014
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 000B0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 000B0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 000B0C0C
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 000B0E10
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000B01F8
.text C:\Windows\System32\spoolsv.exe[1940] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1940] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1940] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1940] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1940] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1940] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1940] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1940] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1940] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1940] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1940] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1940] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00370600
.text C:\Windows\System32\spoolsv.exe[1940] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00370804
.text C:\Windows\System32\spoolsv.exe[1940] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00370A08
.text C:\Windows\System32\spoolsv.exe[1940] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 003701F8
.text C:\Windows\System32\spoolsv.exe[1940] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 003703FC
.text C:\Windows\system32\svchost.exe[1964] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1964] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1964] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1964] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1964] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1964] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1964] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[1964] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 000F0804
.text C:\Windows\system32\svchost.exe[1964] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 000F0A08
.text C:\Windows\system32\svchost.exe[1964] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[1964] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000F03FC
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1972] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 006B0600
.text C:\Windows\system32\svchost.exe[1972] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 006B0804
.text C:\Windows\system32\svchost.exe[1972] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 006B0A08
.text C:\Windows\system32\svchost.exe[1972] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 006B01F8
.text C:\Windows\system32\svchost.exe[1972] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 006B03FC
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00060600
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00060804
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00060A08
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000601F8
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000603FC
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00161014
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00160C0C
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00160E10
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe[2156] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000403FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00060600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00061014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00060804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00060A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00060C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00060E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2172] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00161014
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00160C0C
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00160E10
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2184] USER32.dll!UnhookWinEvent
Nahoru
j.benzo
Návštěvník
Návštěvník
Příspěvky: 89
Registrován: 15 srp 2010 18:58

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#64 Příspěvek od j.benzo »

.text C:\Windows\system32\svchost.exe[2248] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2248] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2248] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2248] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001501F8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001503FC
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001703FC
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00170600
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00171014
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00170804
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00170A08
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00170C0C
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00170E10
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001701F8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00180600
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00180804
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00180A08
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001801F8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2272] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000C03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 000C0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 000C1014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 000C0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 000C0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 000C0C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 000C0E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000C01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 000D0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 000D0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 000D0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000D01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2348] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000D03FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 00EE03FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00EE0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00EE1014
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00EE0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00EE0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00EE0C0C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00EE0E10
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 00EE01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00EF0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00EF0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00EF0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 00EF01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2412] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 00EF03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000B03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 000B0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 000B1014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 000B0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 000B0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 000B0C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 000B0E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 000C0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 000C0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 000C0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000C01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2492] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2632] KERNEL32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[2864] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[2864] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[2864] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[2864] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\unsecapp.exe[2864] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[2864] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\wbem\unsecapp.exe[2864] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[2864] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[2864] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\wbem\unsecapp.exe[2864] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\wbem\unsecapp.exe[2864] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[2864] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00090600
.text C:\Windows\system32\wbem\unsecapp.exe[2864] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00090804
.text C:\Windows\system32\wbem\unsecapp.exe[2864] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\wbem\unsecapp.exe[2864] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\wbem\unsecapp.exe[2864] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[2876] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2876] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[2924] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 000C0600
.text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\Dwm.exe[2924] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\Dwm.exe[2924] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2964] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000803FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000701F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000703FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + 6 77C1422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + B 77C1422F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 77C1497A 1 Byte [28]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 77C1497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + B 77C1497F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + 6 77C14A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + B 77C14A0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + 6 77C14A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + B 77C14A8F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + 6 77C14A9A 4 Bytes CALL 76C150A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + B 77C14A9F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + 6 77C14AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + B 77C14AAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + 6 77C14AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + B 77C14AFF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + 6 77C14B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + B 77C14B0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + 6 77C14B1A 4 Bytes CALL 76C15121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + B 77C14B1F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + 6 77C14BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + B 77C14BAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + 6 77C14C5A 4 Bytes CALL 76C1525F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + B 77C14C5F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + 6 77C1513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + B 77C1513F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + 6 77C1518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + B 77C1518F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 1 Byte [68]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + B 77C1542F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 000A0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 000A0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 000A0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000A01F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000A03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000B03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 000B0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 000B1014
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 000B0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 000B0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 000B0C0C
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 000B0E10
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000B01F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000701F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000703FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtCreateFile + 6 77C1422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtCreateFile + B 77C1422F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtMapViewOfSection + 6 77C1497A 1 Byte [28]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtMapViewOfSection + 6 77C1497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtMapViewOfSection + B 77C1497F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenFile + 6 77C14A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenFile + B 77C14A0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcess + 6 77C14A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcess + B 77C14A8F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessToken + 6 77C14A9A 4 Bytes CALL 76C150A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessToken + B 77C14A9F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessTokenEx + 6 77C14AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessTokenEx + B 77C14AAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThread + 6 77C14AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThread + B 77C14AFF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadToken + 6 77C14B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadToken + B 77C14B0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadTokenEx + 6 77C14B1A 4 Bytes CALL 76C15121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadTokenEx + B 77C14B1F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryAttributesFile + 6 77C14BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryAttributesFile + B 77C14BAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryFullAttributesFile + 6 77C14C5A 4 Bytes CALL 76C1525F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryFullAttributesFile + B 77C14C5F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationFile + 6 77C1513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationFile + B 77C1513F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationThread + 6 77C1518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationThread + B 77C1518F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 1 Byte [68]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtUnmapViewOfSection + B 77C1542F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 000A0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 000A0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 000A0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000A01F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000A03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000B03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 000B0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 000B1014
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 000B0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 000B0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 000B0C0C
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 000B0E10
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000B01F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001501F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001503FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00170600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00170804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00170A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001701F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 001703FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001803FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00180600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00181014
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00180804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00180A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00180C0C
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00180E10
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001801F8
.text C:\Windows\System32\alg.exe[3332] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\alg.exe[3332] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\alg.exe[3332] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\System32\alg.exe[3332] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\alg.exe[3332] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\alg.exe[3332] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\alg.exe[3332] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\alg.exe[3332] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\alg.exe[3332] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\alg.exe[3332] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\alg.exe[3332] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\alg.exe[3332] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00080600
.text C:\Windows\System32\alg.exe[3332] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00080804
.text C:\Windows\System32\alg.exe[3332] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\alg.exe[3332] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\alg.exe[3332] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000803FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000701F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000703FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtCreateFile + 6 77C1422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtCreateFile + B 77C1422F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtMapViewOfSection + 6 77C1497A 1 Byte [28]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtMapViewOfSection + 6 77C1497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtMapViewOfSection + B 77C1497F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenFile + 6 77C14A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenFile + B 77C14A0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenProcess + 6 77C14A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenProcess + B 77C14A8F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenProcessToken + 6 77C14A9A 4 Bytes CALL 76C150A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenProcessToken + B 77C14A9F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenProcessTokenEx + 6 77C14AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenProcessTokenEx + B 77C14AAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenThread + 6 77C14AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenThread + B 77C14AFF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenThreadToken + 6 77C14B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenThreadToken + B 77C14B0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenThreadTokenEx + 6 77C14B1A 4 Bytes CALL 76C15121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtOpenThreadTokenEx + B 77C14B1F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtQueryAttributesFile + 6 77C14BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtQueryAttributesFile + B 77C14BAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtQueryFullAttributesFile + 6 77C14C5A 4 Bytes CALL 76C1525F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtQueryFullAttributesFile + B 77C14C5F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtSetInformationFile + 6 77C1513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtSetInformationFile + B 77C1513F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtSetInformationThread + 6 77C1518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtSetInformationThread + B 77C1518F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 1 Byte [68]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ntdll.dll!NtUnmapViewOfSection + B 77C1542F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 001A0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 001A0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 001A0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001A01F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 001A03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001B03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 001B0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 001B1014
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 001B0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 001B0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 001B0C0C
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 001B0E10
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001B01F8
.text C:\Windows\system32\svchost.exe[3464] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3464] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3464] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3464] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 001A0600
.text C:\Windows\system32\svchost.exe[3464] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 001A0804
.text C:\Windows\system32\svchost.exe[3464] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 001A0A08
.text C:\Windows\system32\svchost.exe[3464] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001A01F8
.text C:\Windows\system32\svchost.exe[3464] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 001A03FC
.text C:\Windows\system32\rundll32.exe[3476] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000601F8
.text C:\Windows\system32\rundll32.exe[3476] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000603FC
.text C:\Windows\system32\rundll32.exe[3476] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\system32\rundll32.exe[3476] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00070600
.text C:\Windows\system32\rundll32.exe[3476] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00070804
.text C:\Windows\system32\rundll32.exe[3476] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\rundll32.exe[3476] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\rundll32.exe[3476] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\rundll32.exe[3476] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\rundll32.exe[3476] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\rundll32.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\rundll32.exe[3476] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\rundll32.exe[3476] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\rundll32.exe[3476] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\rundll32.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\rundll32.exe[3476] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3596] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3768] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\notepad.exe[3932] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\notepad.exe[3932] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\notepad.exe[3932] kernel32.dll!GetBinaryTypeW + 70
Nahoru
j.benzo
Návštěvník
Návštěvník
Příspěvky: 89
Registrován: 15 srp 2010 18:58

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#65 Příspěvek od j.benzo »

.text C:\Windows\system32\notepad.exe[3932] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\notepad.exe[3932] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\notepad.exe[3932] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\notepad.exe[3932] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\notepad.exe[3932] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\notepad.exe[3932] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\notepad.exe[3932] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\notepad.exe[3932] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\notepad.exe[3932] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00080600
.text C:\Windows\system32\notepad.exe[3932] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\notepad.exe[3932] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\notepad.exe[3932] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\notepad.exe[3932] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.exe[4000] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.exe[4000] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.exe[4000] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Windows\Explorer.exe[4000] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.exe[4000] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.exe[4000] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.exe[4000] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.exe[4000] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.exe[4000] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.exe[4000] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.exe[4000] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 000803FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001701F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001703FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + 6 77C1422A 4 Bytes [28, 00, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + B 77C1422F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 77C1497A 1 Byte [28]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 77C1497A 4 Bytes [28, 03, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + B 77C1497F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + 6 77C14A0A 4 Bytes [68, 00, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + B 77C14A0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + 6 77C14A8A 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + B 77C14A8F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + 6 77C14A9A 4 Bytes CALL 76C160A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + B 77C14A9F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + 6 77C14AAA 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + B 77C14AAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + 6 77C14AFA 4 Bytes [68, 01, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + B 77C14AFF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + 6 77C14B0A 4 Bytes [68, 02, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + B 77C14B0F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + 6 77C14B1A 4 Bytes CALL 76C16121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + B 77C14B1F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + 6 77C14BAA 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + B 77C14BAF 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + 6 77C14C5A 4 Bytes CALL 76C1625F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + B 77C14C5F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + 6 77C1513A 4 Bytes [28, 01, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + B 77C1513F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + 6 77C1518A 4 Bytes [28, 02, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + B 77C1518F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 1 Byte [68]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 77C1542A 4 Bytes [68, 03, 16, 00]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + B 77C1542F 1 Byte [E2]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 001A0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 001A0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 001A0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 001A01F8
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 001A03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 001B03FC
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 001B0600
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 001B1014
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 001B0804
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 001B0A08
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 001B0C0C
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 001B0E10
.text C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 001B01F8
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] ntdll.dll!LdrLoadDll 77BD93A8 5 Bytes JMP 001501F8
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] ntdll.dll!LdrUnloadDll 77BEB740 5 Bytes JMP 001503FC
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] kernel32.dll!GetBinaryTypeW + 70 763E2467 1 Byte [62]
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] ADVAPI32.dll!CreateServiceW 77269EB4 5 Bytes JMP 003D03FC
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] ADVAPI32.dll!DeleteService 7726A07E 5 Bytes JMP 003D0600
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] ADVAPI32.dll!SetServiceObjectSecurity 772A6CD9 5 Bytes JMP 003D1014
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] ADVAPI32.dll!ChangeServiceConfigA 772A6DD9 5 Bytes JMP 003D0804
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] ADVAPI32.dll!ChangeServiceConfigW 772A6F81 5 Bytes JMP 003D0A08
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] ADVAPI32.dll!ChangeServiceConfig2A 772A7099 5 Bytes JMP 003D0C0C
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] ADVAPI32.dll!ChangeServiceConfig2W 772A71E1 5 Bytes JMP 003D0E10
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] ADVAPI32.dll!CreateServiceA 772A72A1 5 Bytes JMP 003D01F8
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] USER32.dll!SetWindowsHookExA 77356322 5 Bytes JMP 003E0600
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] USER32.dll!SetWindowsHookExW 773587AD 5 Bytes JMP 003E0804
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] USER32.dll!UnhookWindowsHookEx 773598DB 5 Bytes JMP 003E0A08
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] USER32.dll!SetWinEventHook 77359F3A 5 Bytes JMP 003E01F8
.text D:\Users\Honza\Downloads\gmer\gmer.exe[4152] USER32.dll!UnhookWinEvent 7735C06F 5 Bytes JMP 003E03FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[632] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00180002
IAT C:\Windows\system32\services.exe[632] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00180000
IAT C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1524] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[1752] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[2988] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3132] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[3448] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [74A37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [74A8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74A3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74A2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74A375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74A2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [74A3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [74A2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [74A2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [74A271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [74ABCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74A5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74A2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [74A26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [74A2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4000] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74A32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe[4076] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641dc9892
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641dc9892@44f459de8090 0x6E 0x6A 0x71 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641dc9892 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641dc9892@44f459de8090 0x6E 0x6A 0x71 0xCF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL 9C96A233B2752E744B1883B26313033B94E5FA832F4C06887586831A101A21A673B38862B3A9ACDE26C137D62BCAA85D90171929EBF2BBA3C73082819FC50D876C38CB4348B6E44BF12EDFEB2BB620BABA1E9B7C96F3F9617A627372ECA69B49F37FF5550A6F8255810A954D72493517E8974650528247CD874BE85BCECFAEE1CAEB07402868E5F8F70663F9A4B6E319C327511CD994DE5A3D20E44CB519DDA883E0EE4DE2F9A41BCED94615787BDF4DCB7368FCF665ADDA4098E3FAA11FF55D0547156992C28600D2BCB2E438538BA1CF272CB28BF45987FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CBA7FD869164D6794A6171C11EC38DE3D57C47BF3243FBD9CEA948BE6828EDFA9F5B93BA55415E9E50A09EA7E5617B2E61F799BAC1AA5379EA6DFCF3D455FDE0CF92F348AA63D93FE0FD41CC796F09F6B7F1C511A2053694B6424ADC38C6672900069085FAA5EADA9AF5973A8F343A70EBC7B4559FB1FF2E9EDA37B91B0BBF349F4BBDC526BF1F15E229C020AD109FDD0F1EE98AD032124A4E12585E29DB871281CFE4B3A0CB34A7B6B274F7CA57D8C1B89505E7FA1B9030C31720C1854FD2F080C8EE08FC023D6C16984542EFA236D36457C1B585609C993215B43B5676D22A3B0C81D6F5204EAD
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
Nahoru
Uživatelský avatar
chodnik74
Přítel fóra
Přítel fóra
Příspěvky: 4975
Registrován: 13 zář 2010 21:30
Bydliště: Napajedla
Kontaktovat uživatele:
Kontaktovat uživatele chodnik74

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#66 Příspěvek od chodnik74 »

Zeptám se jak se chová pc? Jinak se poradím s kolegy co dále ;-)
Napiš mi: chodnik74@gmail.com nebo Obrázek

>RSIT<>MBAM<>VirusTotal

Doporučuji:Obrázek | Obrázek

:!: Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. ;-) Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! :!:

:!: Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!

:idea: Jste s naší pomocí spokojeni :???: Neváhejte a podpořte forum ZDE.

Pravidla fora: č.1 a č.2
Nahoru
j.benzo
Návštěvník
Návštěvník
Příspěvky: 89
Registrován: 15 srp 2010 18:58

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#67 Příspěvek od j.benzo »

Takhle to vypadá 1é min po spuštění :(
Přílohy
10 min po spuštění.jpg
10 min po spuštění.jpg (108.38 KiB) Zobrazeno 607 x
Nahoru
j.benzo
Návštěvník
Návštěvník
Příspěvky: 89
Registrován: 15 srp 2010 18:58

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#68 Příspěvek od j.benzo »

Jestli to nemá nějakou souvislost se softem od HP k tiskárně? HP Digital Imaging Monitor
V minulosti jsem něco podobnýho řešil na stolním PC. Jednalo se o jiný,ale několikanásobně spuštěný proces.
Toto startuje jako jedna z posledních položek.
Jinak start probíhá následovně.
Zhruba do 65 procesů v pohodě. Pak se to nějak zadrhne a po nějaké době pokračuje.
Jinak ten proces maká zhruba 20min po spuštění a pak zmizí.
Pak je noťas svižný.
Jinak Defrgler je super nástroj :wink:
Nahoru
Uživatelský avatar
chodnik74
Přítel fóra
Přítel fóra
Příspěvky: 4975
Registrován: 13 zář 2010 21:30
Bydliště: Napajedla
Kontaktovat uživatele:
Kontaktovat uživatele chodnik74

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#69 Příspěvek od chodnik74 »

:arrow: Dočetl jsem se,že to může způsobovat proces cidaemon.exe,ten patří k Indexing Service ( můžeme zkusit vypnout)

Ale první zkusíme nainstalovat tuto aktualizaci http://www.microsoft.com/download/en/de ... en&id=1157 + aktualizujte systém přes Windows Update :)
Napiš mi: chodnik74@gmail.com nebo Obrázek

>RSIT<>MBAM<>VirusTotal

Doporučuji:Obrázek | Obrázek

:!: Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. ;-) Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! :!:

:!: Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!

:idea: Jste s naší pomocí spokojeni :???: Neváhejte a podpořte forum ZDE.

Pravidla fora: č.1 a č.2
Nahoru
j.benzo
Návštěvník
Návštěvník
Příspěvky: 89
Registrován: 15 srp 2010 18:58

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#70 Příspěvek od j.benzo »

Tak ta utilita není pro Visty :cry:
Nahoru
Uživatelský avatar
chodnik74
Přítel fóra
Přítel fóra
Příspěvky: 4975
Registrován: 13 zář 2010 21:30
Bydliště: Napajedla
Kontaktovat uživatele:
Kontaktovat uživatele chodnik74

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#71 Příspěvek od chodnik74 »

Zkusíme zakázat indexování :)
Napiš mi: chodnik74@gmail.com nebo Obrázek

>RSIT<>MBAM<>VirusTotal

Doporučuji:Obrázek | Obrázek

:!: Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. ;-) Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! :!:

:!: Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!

:idea: Jste s naší pomocí spokojeni :???: Neváhejte a podpořte forum ZDE.

Pravidla fora: č.1 a č.2
Nahoru
j.benzo
Návštěvník
Návštěvník
Příspěvky: 89
Registrován: 15 srp 2010 18:58

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#72 Příspěvek od j.benzo »

Indexování je podle všeho vypnuté. To bylo první po čem jsem šel.
Aktualizace nainstalovány.
Nahoru
Uživatelský avatar
chodnik74
Přítel fóra
Přítel fóra
Příspěvky: 4975
Registrován: 13 zář 2010 21:30
Bydliště: Napajedla
Kontaktovat uživatele:
Kontaktovat uživatele chodnik74

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#73 Příspěvek od chodnik74 »

A v čem je teď problém přesně? :) Asi ten proces..Mrknu u sebe jak mi to dělá po startu,já na tohle fakt čas nikdy neměl :D ale dám si tu práci..a jiný problém není?
Napiš mi: chodnik74@gmail.com nebo Obrázek

>RSIT<>MBAM<>VirusTotal

Doporučuji:Obrázek | Obrázek

:!: Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. ;-) Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! :!:

:!: Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!

:idea: Jste s naší pomocí spokojeni :???: Neváhejte a podpořte forum ZDE.

Pravidla fora: č.1 a č.2
Nahoru
j.benzo
Návštěvník
Návštěvník
Příspěvky: 89
Registrován: 15 srp 2010 18:58

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#74 Příspěvek od j.benzo »

Jiný problém nemám,všechno funguje.
Jenom mě to brzdí,když běží ten proces :arcisit: a zbytečně žere baterku.
Nahoru
Uživatelský avatar
chodnik74
Přítel fóra
Přítel fóra
Příspěvky: 4975
Registrován: 13 zář 2010 21:30
Bydliště: Napajedla
Kontaktovat uživatele:
Kontaktovat uživatele chodnik74

Re: Proces WmPrvSE.exe neúměrně vytěžuje procesor

#75 Příspěvek od chodnik74 »

Zkusil bych aktualizaci ovladačů,především síťových z webu výrobce,zvládnete to? :)
Napiš mi: chodnik74@gmail.com nebo Obrázek

>RSIT<>MBAM<>VirusTotal

Doporučuji:Obrázek | Obrázek

:!: Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. ;-) Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! :!:

:!: Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!

:idea: Jste s naší pomocí spokojeni :???: Neváhejte a podpořte forum ZDE.

Pravidla fora: č.1 a č.2
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“