x-kom hosting

Podglądanie rozmów na gg.

Shan-lee
utworzono
utworzono

Witam wszystkich. Mam dosyć banalne pytanie. Czy jest możliwość aby ktoś "wlazł" mi na kompa od siebie i podglądał rozmowy na gg? Domyślam się, że jest możliwość aby tak zrobić dlatego jeszcze bardziej interesuje mnie czy można taki program wykryć. Proszę o poradę, ponieważ mój ex zadziwiająco dużo wie na temat moich rozmów i twierdzi, że właśnie owym "programem" przechwytuje moje rozmowy. Mam Avasta i Comodo Firewall. Czy mogę zrobić coś jeszcze aby uchronić swoją prywatnosć przed takim podglądactwem?

wirusolog
komentarz
komentarz

Jeżeli przechwytuje to jakiś program musi być zainstalowany na Twoim komputerze.
Daj logi z [url=http://www.forumpc.pl/index.php?showtopic=104338][b][color=blue][u]OTL i RSIT[/url][/b][/color][/u] + [url=http://www.forumpc.pl/index.php?showtopic=116175][b][color=blue][u]GMER[/url][/b][/color][/u].

Shan-lee
komentarz
komentarz (edytowane)

[log]
OTL logfile created on: 2011-06-30 23:25:03 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = F:\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,25 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 46,48% Memory free
2,98 Gb Paging File | 2,32 Gb Available in Paging File | 77,88% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 27,70 Gb Free Space | 70,92% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 56,46 Gb Free Space | 96,35% Space Free | Partition Type: NTFS
Drive F: | 135,22 Gb Total Space | 116,90 Gb Free Space | 86,45% Space Free | Partition Type: NTFS

Computer Name: SHAN-LEE | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-06-30 23:23:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\Pobieranie\OTL.exe
PRC - [2011-06-23 19:06:29 | 013,361,760 | ---- | M] (GG Network S.A.) -- E:\Gadu-Gadu 10\gg.exe
PRC - [2011-06-22 10:51:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- E:\firefox\firefox.exe
PRC - [2011-06-22 10:25:32 | 012,596,912 | ---- | M] (Mozilla Messaging) -- E:\thunderbird\thunderbird.exe
PRC - [2011-05-09 21:54:31 | 002,552,648 | ---- | M] (COMODO) -- E:\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011-05-09 21:54:24 | 001,779,792 | ---- | M] (COMODO) -- E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011-05-03 23:50:45 | 000,136,360 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\sched.exe
PRC - [2011-04-27 14:10:03 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- E:\java\bin\jqs.exe
PRC - [2011-03-04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-03-04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2010-01-14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-08-06 19:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 19:21:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-08-09 15:48:40 | 000,528,384 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
PRC - [2005-11-08 22:02:44 | 000,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer) -- E:\Thunderbird-Tray\TBTray.exe
PRC - [2003-08-22 14:55:49 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-06-30 23:23:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\Pobieranie\OTL.exe
MOD - [2011-05-09 21:55:34 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2011-01-21 16:44:11 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2010-12-20 19:32:08 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2010-12-09 17:15:25 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010-08-16 10:45:09 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2010-07-16 14:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 19:20:31 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fltlib.dll
MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-14 19:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011-05-09 21:54:24 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011-05-03 23:50:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-04-27 14:10:03 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- E:\java\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-03-04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-12-08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-05-09 21:55:33 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011-05-09 21:55:33 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011-05-09 21:55:26 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011-03-04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-03-04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-07-30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010-07-30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010-07-30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010-07-30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-11-19 15:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2009-11-19 15:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2009-11-19 15:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009-11-19 15:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2009-11-19 15:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2009-11-19 15:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009-11-19 15:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007-06-27 14:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004-08-04 02:35:04 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gazeta.pl/0,0.html?sc=1
IE - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gazeta.pl/0,0.html?sc=1
IE - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: E:\java\lib\deploy\jqs\ff [2011-04-27 14:10:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\firefox\components [2011-06-22 10:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\firefox\plugins [2011-04-27 23:39:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: E:\thunderbird\components [2011-06-22 10:25:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: E:\thunderbird\plugins

[2011-04-27 12:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra\Dane aplikacji\Mozilla\Extensions
[2011-04-27 12:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-05-29 14:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra\Dane aplikacji\Mozilla\Firefox\Profiles\brs192lm.default\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{20CC25E2-48C9-45E1-9A1F-1CCC1882B81B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O1 HOSTS File: ([2011-06-26 13:18:04 | 000,435,284 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14981 more lines...
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] E:\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKU\S-1-5-21-823518204-1993962763-1801674531-1003..\Run: [Gadu-Gadu 10] E:\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-823518204-1993962763-1801674531-1003..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Sandra\Menu Start\Programy\Autostart\TB-Tray.lnk = E:\Thunderbird-Tray\TBTray.exe (Felix 'SniperBeamer' Geyer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - E:\office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.31.159.225 78.31.159.227
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-04-25 21:16:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{539307bc-8bba-11e0-9ed9-00304f1fb276}\Shell\AutoRun\command - "" = G:\systemcheck.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-06-26 12:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Spybot - Search & Destroy
[2011-06-26 12:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2011-06-23 18:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\Gadu-Gadu 10
[2011-06-23 18:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-06-23 18:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011-06-23 18:09:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl
[2011-06-23 18:09:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011-06-23 18:09:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011-06-23 18:03:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011-06-23 17:54:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011-06-23 17:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\DAEMON Tools Lite
[2011-06-23 17:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-06-07 10:50:22 | 000,000,000 | ---D | C] -- C:\output
[2011-06-07 10:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\JPG2PDF
[2011-05-31 21:34:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011-05-29 21:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\Nvu
[2011-05-29 20:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\RJ TextEd
[2011-05-21 00:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\psconvert
[2011-05-13 07:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Ashampoo
[2011-05-12 14:38:37 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2011-05-12 14:38:36 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2011-05-12 14:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\BESTplayer
[2011-05-07 20:03:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011-05-07 20:03:54 | 000,025,456 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039nd5.sys
[2011-05-07 20:03:53 | 000,123,504 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039unic.sys
[2011-05-07 20:03:53 | 000,010,992 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039cr.sys
[2011-05-07 20:03:52 | 000,124,016 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039mdm.sys
[2011-05-07 20:03:52 | 000,117,872 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039mgmt.sys
[2011-05-07 20:03:52 | 000,113,904 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039obex.sys
[2011-05-07 20:03:52 | 000,014,960 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039mdfl.sys
[2011-05-07 20:03:52 | 000,012,528 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039cmnt.sys
[2011-05-07 20:03:52 | 000,012,528 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039cm.sys
[2011-05-07 20:03:51 | 000,098,672 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039bus.sys
[2011-05-07 20:03:51 | 000,012,400 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039whnt.sys
[2011-05-07 20:03:51 | 000,012,400 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039wh.sys
[2011-05-07 20:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011-05-07 19:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011-05-07 19:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011-05-07 18:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011-05-07 18:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011-05-04 13:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Hewlett-Packard
[2011-05-04 11:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
[2011-05-04 11:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data
[2011-05-04 11:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\PDF Annotator
[2011-05-03 23:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\Avira
[2011-05-03 15:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-06-30 23:20:04 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Sandra\NTUSER.DAT
[2011-06-30 18:16:09 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011-06-30 18:14:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-06-30 18:14:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-06-30 18:14:30 | 1341,710,336 | -HS- | M] () -- C:\hiberfil.sys
[2011-06-30 13:09:11 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Sandra\ntuser.ini
[2011-06-26 13:18:04 | 000,435,284 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-06-25 11:23:35 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-06-25 03:46:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-06-24 13:39:11 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011-06-24 13:39:11 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-06-24 13:39:11 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-06-24 13:39:11 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-06-24 13:39:11 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-06-23 18:57:50 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\Sandra\Pulpit\Gadu-Gadu 10.lnk
[2011-06-23 18:50:18 | 000,062,136 | ---- | M] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2011-06-23 18:25:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-06-23 18:02:49 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2011-06-23 17:08:41 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-06 16:13:42 | 006,924,334 | -H-- | M] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2011-06-01 22:22:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sandra\karta godzinowa.pdf
[2011-05-31 00:28:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sandra\cs_patronat_black.pdf
[2011-05-14 14:20:39 | 000,060,822 | ---- | M] () -- F:\internet.gif
[2011-05-09 21:55:34 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011-05-09 21:55:33 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011-05-09 21:55:33 | 000,029,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011-05-09 21:55:27 | 000,017,416 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011-05-09 21:55:26 | 000,242,472 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011-05-09 19:15:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sandra\2131_0001.pdf
[2011-05-07 20:04:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011-05-07 19:51:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011-05-04 13:50:20 | 000,131,238 | ---- | M] () -- C:\WINDOWS\hpdj3600.his
[2011-05-04 13:50:20 | 000,010,011 | ---- | M] () -- C:\WINDOWS\hpdj3600.ini
[2011-05-04 13:35:18 | 000,030,999 | ---- | M] () -- C:\WINDOWS\hpdj3600.hi1
[2011-05-04 13:35:18 | 000,004,743 | ---- | M] () -- C:\WINDOWS\hpdj3600.bu1
[2011-05-03 15:43:26 | 000,133,035 | ---- | M] () -- C:\WINDOWS\hpdj3600.hi2
[2011-05-03 15:43:26 | 000,010,183 | ---- | M] () -- C:\WINDOWS\hpdj3600.bu2
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-06-23 18:57:50 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\Sandra\Pulpit\Gadu-Gadu 10.lnk
[2011-06-23 18:57:22 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk
[2011-06-01 22:22:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sandra\karta godzinowa.pdf
[2011-05-31 00:28:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sandra\cs_patronat_black.pdf
[2011-05-21 00:44:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2011-05-15 21:16:17 | 000,060,822 | ---- | C] () -- F:\internet.gif
[2011-05-12 14:38:41 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-05-12 14:38:36 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011-05-12 14:38:35 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-05-12 14:38:35 | 000,000,590 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2011-05-10 00:32:52 | 006,924,334 | -H-- | C] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2011-05-09 19:15:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sandra\2131_0001.pdf
[2011-05-07 20:04:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011-05-07 19:51:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011-05-04 13:48:30 | 000,133,035 | ---- | C] () -- C:\WINDOWS\hpdj3600.hi2
[2011-05-04 13:48:30 | 000,010,183 | ---- | C] () -- C:\WINDOWS\hpdj3600.bu2
[2011-05-04 13:34:35 | 000,030,999 | ---- | C] () -- C:\WINDOWS\hpdj3600.hi1
[2011-05-04 13:34:35 | 000,004,743 | ---- | C] () -- C:\WINDOWS\hpdj3600.bu1
[2011-05-04 13:13:44 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011-05-03 15:38:49 | 000,131,238 | ---- | C] () -- C:\WINDOWS\hpdj3600.his
[2011-05-03 15:38:49 | 000,010,011 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2011-05-01 21:00:32 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2011-04-30 23:24:38 | 000,062,136 | ---- | C] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2011-04-30 03:49:06 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-27 23:41:57 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-04-26 23:36:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-04-25 23:07:06 | 000,763,990 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011-04-25 23:07:05 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-04-25 23:03:50 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-04-25 21:19:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-04-25 21:16:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2011-04-25 21:15:39 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2011-04-25 21:15:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2011-04-25 21:13:25 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-04-25 21:13:18 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2011-04-25 21:13:18 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2011-04-25 21:12:39 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2011-04-25 21:12:38 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2004-08-04 00:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 00:44:10 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004-08-04 00:44:04 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004-08-04 00:43:58 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004-08-04 00:43:56 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004-08-04 00:43:54 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004-08-04 00:43:16 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004-08-03 22:51:32 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2004-08-03 22:48:52 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2004-08-03 22:46:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004-08-03 22:45:34 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004-08-03 22:45:16 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004-08-03 22:45:16 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004-08-03 22:45:14 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004-08-03 22:45:12 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-07-17 11:46:14 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004-07-17 11:34:48 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2001-10-26 21:29:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2001-10-26 21:29:32 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001-10-26 21:28:34 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001-10-26 21:27:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001-10-26 20:15:16 | 000,355,486 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2001-10-26 20:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2001-10-26 20:15:16 | 000,049,492 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2001-10-26 20:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2001-10-26 20:15:10 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe
[2001-10-26 20:15:08 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2001-10-26 20:15:08 | 000,003,260 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe
[2001-10-26 20:15:04 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001-10-26 20:14:58 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2001-10-26 20:14:56 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2001-10-26 20:14:54 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2001-10-26 20:14:54 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2001-10-26 20:14:52 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001-10-26 20:14:50 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2001-10-26 20:14:48 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2001-10-26 20:14:46 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2001-10-26 20:14:42 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2001-10-26 20:14:38 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2001-10-26 20:14:34 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2001-10-26 20:14:32 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001-10-26 20:12:52 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001-10-26 19:45:26 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001-10-26 19:45:26 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001-10-26 19:45:24 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001-10-26 19:45:10 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2001-10-26 19:42:08 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2001-10-26 19:42:08 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2001-10-26 19:42:08 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2001-10-26 19:42:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2001-08-23 17:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-23 17:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-18 01:35:10 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2001-08-18 01:32:34 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2001-08-18 01:32:34 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2001-08-18 01:31:56 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001-08-18 01:31:56 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001-08-18 01:31:50 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001-08-18 01:31:46 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001-08-18 01:31:46 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001-08-18 01:31:44 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001-08-18 01:30:24 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-18 01:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-18 01:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-18 01:30:22 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-18 01:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-08-18 01:13:24 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2001-08-17 23:55:06 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001-07-22 06:25:18 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2001-07-22 02:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-07-22 02:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-07-22 02:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001-07-22 02:16:20 | 000,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 02:15:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-07-22 02:15:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-05-01 17:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2011-06-23 17:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-05-01 16:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FlashFXP
[2011-06-23 18:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-04-30 02:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2011-04-30 02:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2011-06-23 18:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2011-05-01 17:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2011-05-13 07:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Ashampoo
[2011-06-15 17:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\BESTplayer
[2011-06-23 17:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\DAEMON Tools Lite
[2011-04-26 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Foxit Software
[2011-06-23 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Gadu-Gadu 10
[2011-05-01 18:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\GetRightToGo
[2011-04-30 02:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Nokia
[2011-04-25 21:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Nowe Gadu-Gadu
[2011-05-29 21:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Nvu
[2011-05-01 16:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Opera
[2011-04-30 03:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\PC Suite
[2011-06-17 14:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\RJ TextEd
[2011-04-27 12:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Thunderbird
[2011-05-01 17:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Ulead Systems
[2011-05-01 16:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\URSoft
[2011-06-30 18:16:09 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2011-04-25 21:16:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011-04-25 21:10:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2011-04-25 21:16:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011-06-30 18:14:30 | 1341,710,336 | -HS- | M] () -- C:\hiberfil.sys
[2011-06-23 16:16:22 | 000,048,733 | ---- | M] () -- C:\hpfr3600.log
[2011-04-25 21:16:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-04-25 21:16:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011-06-23 18:02:49 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2011-06-30 18:14:28 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sp3.cab:agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sp3.cab:cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CE11B51

< End of report >
[/log]

[log]
OTL Extras logfile created on: 2011-06-30 23:25:03 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = F:\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,25 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 46,48% Memory free
2,98 Gb Paging File | 2,32 Gb Available in Paging File | 77,88% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 27,70 Gb Free Space | 70,92% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 56,46 Gb Free Space | 96,35% Space Free | Partition Type: NTFS
Drive F: | 135,22 Gb Total Space | 116,90 Gb Free Space | 86,45% Space Free | Partition Type: NTFS

Computer Name: SHAN-LEE | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.js [@ = ] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = ] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"E:\Nowe Gadu-Gadu\gg.exe" = E:\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}" = hp deskjet 3600
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{E9AA8EB9-FCD1-4829-AE3C-F2D211C67F42}" = Internet Explorer
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Pakiet sterowników systemu Windows - Nokia Modem (10/07/2010 4.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"E5372C32E8562C76C24DBA6525002B1031495F34" = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 7.01.0.8)
"Foxit Reader" = Foxit Reader
"Gadu-Gadu 10" = Gadu-Gadu 10
"ie8" = Windows Internet Explorer 8
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"IrfanView" = IrfanView (remove only)
"JPG2PDF_is1" = JPG2PDF 2.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"Nokia PC Suite" = Nokia PC Suite
"Nvu_is1" = Nvu 1.0
"Thunderbird-Tray" = Thunderbird-Tray
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YU2010_is1" = Your Uninstaller! 2010

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-05-17 04:55:12 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

Error - 2011-05-17 14:36:25 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

Error - 2011-05-17 17:23:59 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

Error - 2011-05-18 01:56:48 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

Error - 2011-05-18 15:08:55 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

Error - 2011-05-23 16:44:39 | Computer Name = SHAN-LEE | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca ALLPlayer.exe, wersja 4.6.6.9, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-05-23 16:51:30 | Computer Name = SHAN-LEE | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca ALLPlayer.exe, wersja 4.6.6.9, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-05-24 05:35:38 | Computer Name = SHAN-LEE | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd allupdate.exe, wersja 1.1.0.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.3541, adres błędu 0x00012a6b.

Error - 2011-06-02 16:23:39 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

Error - 2011-06-06 17:31:38 | Computer Name = SHAN-LEE | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 2.0.1.4120, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2011-06-24 12:34:38 | Computer Name = SHAN-LEE | Source = MRxSmb | ID = 8003
Description = Przeglądarka główna odebrała anons serwera z komputera AGNIESZK-58E2B4.
Komputer
ten zachowuje się tak, jakby był przeglądarką główną dla domeny w transporcie NetBT_Tcpip_{987D0364-CE6.
Przeglądarka
główna właśnie jest zatrzymywana albo wymuszany jest wybór.

Error - 2011-06-25 09:00:58 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032
Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii
zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}.
Przeglądarka
zapasowa jest zatrzymywana.

Error - 2011-06-25 17:45:14 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032
Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii
zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}.
Przeglądarka
zapasowa jest zatrzymywana.

Error - 2011-06-25 19:55:22 | Computer Name = SHAN-LEE | Source = MRxSmb | ID = 8003
Description = Przeglądarka główna odebrała anons serwera z komputera DANIEL. Komputer
ten zachowuje się tak, jakby był przeglądarką główną dla domeny w transporcie NetBT_Tcpip_{987D0364-CE66-4D21-83.
Przeglądarka
główna właśnie jest zatrzymywana albo wymuszany jest wybór.

Error - 2011-06-27 16:03:53 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032
Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii
zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}.
Przeglądarka
zapasowa jest zatrzymywana.

Error - 2011-06-28 07:27:27 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032
Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii
zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}.
Przeglądarka
zapasowa jest zatrzymywana.

Error - 2011-06-29 06:14:29 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032
Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii
zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}.
Przeglądarka
zapasowa jest zatrzymywana.

Error - 2011-06-29 17:05:47 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032
Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii
zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}.
Przeglądarka
zapasowa jest zatrzymywana.

Error - 2011-06-30 07:09:12 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032
Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii
zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}.
Przeglądarka
zapasowa jest zatrzymywana.

Error - 2011-06-30 12:23:00 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032
Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii
zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}.
Przeglądarka
zapasowa jest zatrzymywana.


< End of report >
[/log]

[log]
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-01 13:38:56
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3250620A rev.3.AAF
Running: wqrydduw.exe; Driver: C:\DOCUME~1\Sandra\USTAWI~1\Temp\pxlcypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA983D8B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA983CE48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA983D518]
SSDT B99A60D6 ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xA983CD28]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xA98401E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA9840568]
SSDT B99A60CC ZwCreateThread
SSDT B99A60DB ZwDeleteKey
SSDT B99A60E5 ZwDeleteValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xA983C51A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA983E864]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA983EABA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xA983FBF0]
SSDT B99A60EA ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA983D110]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA983D6F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xA983E116]
SSDT B99A60B8 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xA983D3B4]
SSDT B99A60BD ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xA983ECC8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xA983F11C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xA983EEDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xA983E67C]
SSDT B99A60F4 ZwReplaceKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA983F68C]
SSDT B99A60EF ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xA983F940]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA983DEEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xA983FEE8]
SSDT B99A60E0 ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xA983D07A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xA983D2A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xA983CB2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA983C918]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 168 804E27D4 4 Bytes [64, E8, 83, A9]
.text ntoskrnl.exe!_abnormal_termination + 170 804E27DC 4 Bytes [BA, EA, 83, A9]
.text ntoskrnl.exe!_abnormal_termination + 395 804E2A01 3 Bytes [F9, 83, A9]
.text ntoskrnl.exe!_abnormal_termination + 40C 804E2A78 4 Bytes [E8, FE, 83, A9]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 100279D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 100279B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[276] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[380] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[468] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[804] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[860] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe[928] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005166A0 E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0052E5C0 E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avshadow.exe[964] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] user32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] advapi32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] advapi32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 100279D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Thunderbird-Tray\TBTray.exe[1140] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 100279B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1336] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\sched.exe[1384] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1468] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avguard.exe[1636] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text E:\java\bin\jqs.exe[1684] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\java\bin\jqs.exe[1684] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe[1996] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074A730 E:\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2272] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2492] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2700] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 016C7E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 016BCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 016C7E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 016C7ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 016C7EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 016C7E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 016C74E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 016C7E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 016C7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 016C7490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 016C7DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 016C7DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 016C7E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 016C77A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 016C7530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 016C5680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 016BCF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 016C7D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 016C7CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 016C7A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 016C7D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 016C7D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 016C7AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 016C26F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016C3280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 016C7D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 016C7AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 016C7B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 016C7AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 016C7CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 016C7B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 016C7BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 016C7CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 016C7C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 016C7C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 016C7C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 016C7B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 016C7B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 016C7BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 016C7C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 016C7B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 016C7BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 016C7C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 016C7A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!WinExec + 3 7C862510 2 Bytes [E6, 84] {OUT 0x84, AL}
.text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 016C7D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 016C1220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 016C1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 016C7970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 016C7990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 016CDFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 016C79F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 016C7A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 016C7A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 016C7A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 016CE420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\thunderbird\thunderbird.exe[2800] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 016CE1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00F17E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00F0CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F17E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F17ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F17EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00F17E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00F174E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00F17E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00F17DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F17490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00F17DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00F17DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F17E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00F177A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00F17530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F15680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00F0CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00F17D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F17CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F17A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00F17D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F17D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F17AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F126F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F13280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F17D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F17AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00F17B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00F17AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F17CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00F17B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F17BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00F17CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00F17C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F17C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00F17C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00F17B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00F17B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00F17BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00F17C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00F17B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00F17BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00F17C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 00F17A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] kernel32.dll!WinExec + 3 7C862510 2 Bytes [6B, 84]
.text E:\firefox\firefox.exe[3276] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00F17D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00F11220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00F11B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 00F17970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 00F17990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104AC3EA E:\firefox\xul.dll (Mozilla Foundation)
.text E:\firefox\firefox.exe[3276] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00F1DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 00F179F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 00F17A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 00F17A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 00F17A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00F1E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\firefox\firefox.exe[3276] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 00F1E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Pobieranie\wqrydduw.exe[3720] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----
[/log]

wirusolog
komentarz
komentarz (edytowane)

W tych logach jest chyba czysto.
Napisałem ,,chyba" bo niepokoi mnie ten wpis:

[quote]
[2011-05-15 21:16:17 | 000,060,822 | ---- | C] () -- F:\internet.gif
[/quote]
Rozumiem, że to jest *.gif , ale możliwe, że to jest właśnie jakiś śmietek (w systemie nie widać żadnego keyloggera) i on może szpiegować.

Daje mini-skrypt do wykonania.

[hr]

[b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst:

[code]:OTL
O33 - MountPoints2\{539307bc-8bba-11e0-9ed9-00304f1fb276}\Shell\AutoRun\command - "" = G:\systemcheck.exe
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{20CC25E2-48C9-45E1-9A1F-1CCC1882B81B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

:Files
C:\WINDOWS\tasks\WGASetup.job
F:\internet.gif

:Commands
[resethosts]
[emptyflash]
[emptytemp][/code]
Kliknij w [b]Wykonaj skrypt[/b]. Zatwierdź restart komputera.

[b]2.[/b] [quote]
O4 - HKU\S-1-5-21-823518204-1993962763-1801674531-1003..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[/quote]
Spybot Search & Destroy do deinstalacji. Program archaiczny, nieaktualizowany od ponad dwóch lat, o słabych właściwościach.
Po deinstalacji już się nie skusić na ponowne instalowanie w przyszłości. Teraz spyware adresują nowoczesne antywirusy i Spybot to historia.

[b]3.[/b] Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję [b]Skanuj[/b]. Pokazujesz nowe logi z OTL + raport z usuwania.

Shan-lee
komentarz
komentarz

Internet.gif to jest plik ktory ja sama z neta ściągnęłam.

wirusolog
komentarz
komentarz

W takim razie skrypt będzie wyglądać tak:

[code]:OTL
O33 - MountPoints2\{539307bc-8bba-11e0-9ed9-00304f1fb276}\Shell\AutoRun\command - "" = G:\systemcheck.exe
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{20CC25E2-48C9-45E1-9A1F-1CCC1882B81B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

:Files
C:\WINDOWS\tasks\WGASetup.job

:Commands
[resethosts]
[emptyflash]
[emptytemp][/code]

Oczywiście, inne elementy są dalej na mocy.

Shan-lee
komentarz
komentarz

[log]
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{539307bc-8bba-11e0-9ed9-00304f1fb276}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{539307bc-8bba-11e0-9ed9-00304f1fb276}\ not found.
File G:\systemcheck.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{539307bc-8bba-11e0-9ed9-00304f1fb276}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{539307bc-8bba-11e0-9ed9-00304f1fb276}\ not found.
File G:\systemcheck.exe not found.
========== FILES ==========
C:\WINDOWS\tasks\WGASetup.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Sandra
->Flash cache emptied: 10776 bytes

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[emptytemp]OCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI> in the current context!
========== FILES ==========
File\Folder C:\WINDOWS\tasks\WGASetup.job not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Sandra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36890 bytes

User: Sandra
->Temp folder emptied: 6522826 bytes
->Temporary Internet Files folder emptied: 41625166 bytes
->Java cache emptied: 1321632 bytes
->FireFox cache emptied: 601720918 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 178568 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 623,00 mb


OTL by OldTimer - Version 3.2.25.0 log created on 07012011_195153

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[/log]

wirusolog
komentarz
komentarz (edytowane)

Usunięte.

Kroki końcowe:

[b]1.[/b] Uruchom OTL i wciśnij [b]Sprzątanie[/b].

[b]2.[/b] Aktualizacja zabezpieczeń:
[quote]
"Mozilla Thunderbird (3.1.11)" = [b]Mozilla Thunderbird (3.1.11)[/b]
"KLiteCodecPack_is1" = [b]K-Lite Mega Codec Pack 7.1.0[/b]
"Adobe Flash Player Plugin" = [b]Adobe Flash Player 10 Plugin[/b]
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = [b]Java™ 6 Update 24[/b]
[/quote]
[list]
[*]Do aktualizacji 32-bitowa wersja [url="http://www.oracle.com/technetwork/java/javase/downloads/index.html"][color="#0000FF"][b]Java 6 Update 26 (JRE)[/b][/color][/url] (Download JRE > wybór jednego z instalatorów o nazwie "Windows x86...").
[*]Nie jest tu widoczna wersja Flash, na wszelki wypadek podsuwam do aktualizacji [url="http://get.adobe.com/flashplayer/"][color="#0000FF"][b]Adobe Flash Player 10.3.181.34[/b][/color][/url]. Jeśli ma się odbyć aktualizacja w Firefox oraz Internet Explorer, stronę należy otworzyć dwa razy w każdej z przeglądarek z osobna. Nie dotyczy Google Chrome (ma własny wbudowany Flash). I Google Chrome - też nie widzę czy to aktualna wersja.
[*]Kodeki tak samo, aktualizacja do wersji [url=http://www.dobreprogramy.pl/KLite-Codec-Pack,Program,Windows,13137.html][b][color=blue][u]7.20[/url][/b][/color][/u].
[*]Mozilla Thunderbird jest już w wersji [url=http://www.dobreprogramy.pl/Mozilla-Thunderbird,Program,Windows,13298.html][b][color=blue][u]5.0[/url][/b][/color][/u].
[/list]

[b]3.[/b] Do wyczyszczenia punkty przywracania systemu: [url=http://www.searchengines.pl/Czyszczenie-punktow-przywracania-systemu-t141981.html][b][color="#0000FF"][u]LINK[/url][/b][/color][/u]

[b]4.[/b] Zalecam [b]pełne skanowanie[/b] [url=http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][b][color="#0000FF"][u]MBAM[/url][/b][/color][/u] (po instalacji zaaktualizuj ręczne baze wirusów, usuń to co znajdzie i wklej raport końcowy).

  • Dobra wypowiedź 1

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.