Shan-lee utworzono 26 czerwca 2011 utworzono 26 czerwca 2011 Witam wszystkich. Mam dosyć banalne pytanie. Czy jest możliwość aby ktoś "wlazł" mi na kompa od siebie i podglądał rozmowy na gg? Domyślam się, że jest możliwość aby tak zrobić dlatego jeszcze bardziej interesuje mnie czy można taki program wykryć. Proszę o poradę, ponieważ mój ex zadziwiająco dużo wie na temat moich rozmów i twierdzi, że właśnie owym "programem" przechwytuje moje rozmowy. Mam Avasta i Comodo Firewall. Czy mogę zrobić coś jeszcze aby uchronić swoją prywatnosć przed takim podglądactwem?
wirusolog komentarz 26 czerwca 2011 komentarz 26 czerwca 2011 Jeżeli przechwytuje to jakiś program musi być zainstalowany na Twoim komputerze. Daj logi z [url=http://www.forumpc.pl/index.php?showtopic=104338][b][color=blue][u]OTL i RSIT[/url][/b][/color][/u] + [url=http://www.forumpc.pl/index.php?showtopic=116175][b][color=blue][u]GMER[/url][/b][/color][/u].
Shan-lee komentarz 30 czerwca 2011 Autor komentarz 30 czerwca 2011 (edytowane) [log] OTL logfile created on: 2011-06-30 23:25:03 - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = F:\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,25 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 46,48% Memory free 2,98 Gb Paging File | 2,32 Gb Available in Paging File | 77,88% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 27,70 Gb Free Space | 70,92% Space Free | Partition Type: NTFS Drive E: | 58,59 Gb Total Space | 56,46 Gb Free Space | 96,35% Space Free | Partition Type: NTFS Drive F: | 135,22 Gb Total Space | 116,90 Gb Free Space | 86,45% Space Free | Partition Type: NTFS Computer Name: SHAN-LEE | User Name: Sandra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-06-30 23:23:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\Pobieranie\OTL.exe PRC - [2011-06-23 19:06:29 | 013,361,760 | ---- | M] (GG Network S.A.) -- E:\Gadu-Gadu 10\gg.exe PRC - [2011-06-22 10:51:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- E:\firefox\firefox.exe PRC - [2011-06-22 10:25:32 | 012,596,912 | ---- | M] (Mozilla Messaging) -- E:\thunderbird\thunderbird.exe PRC - [2011-05-09 21:54:31 | 002,552,648 | ---- | M] (COMODO) -- E:\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe PRC - [2011-05-09 21:54:24 | 001,779,792 | ---- | M] (COMODO) -- E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2011-05-03 23:50:45 | 000,136,360 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\sched.exe PRC - [2011-04-27 14:10:03 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- E:\java\bin\jqs.exe PRC - [2011-03-04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avguard.exe PRC - [2011-03-04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avgnt.exe PRC - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2010-01-14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avshadow.exe PRC - [2009-08-06 19:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 19:21:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-08-09 15:48:40 | 000,528,384 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe PRC - [2005-11-08 22:02:44 | 000,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer) -- E:\Thunderbird-Tray\TBTray.exe PRC - [2003-08-22 14:55:49 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-06-30 23:23:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\Pobieranie\OTL.exe MOD - [2011-05-09 21:55:34 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll MOD - [2011-01-21 16:44:11 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2010-12-20 19:32:08 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2010-12-09 17:15:25 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010-08-16 10:45:09 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2010-07-16 14:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 19:20:31 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fltlib.dll MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 19:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011-05-09 21:54:24 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2011-05-03 23:50:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011-04-27 14:10:03 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- E:\java\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011-03-04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010-12-08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-05-09 21:55:33 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect) DRV - [2011-05-09 21:55:33 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2011-05-09 21:55:26 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2011-03-04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011-03-04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010-07-30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-07-30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-07-30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-07-30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010-06-17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009-11-19 15:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV - [2009-11-19 15:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV - [2009-11-19 15:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2009-11-19 15:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV - [2009-11-19 15:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV - [2009-11-19 15:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039obex.sys -- (s1039obex) DRV - [2009-11-19 15:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007-06-27 14:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM) DRV - [2004-08-04 02:35:04 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gazeta.pl/0,0.html?sc=1 IE - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gazeta.pl/0,0.html?sc=1 IE - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: E:\java\lib\deploy\jqs\ff [2011-04-27 14:10:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\firefox\components [2011-06-22 10:51:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\firefox\plugins [2011-04-27 23:39:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: E:\thunderbird\components [2011-06-22 10:25:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: E:\thunderbird\plugins [2011-04-27 12:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra\Dane aplikacji\Mozilla\Extensions [2011-04-27 12:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011-05-29 14:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra\Dane aplikacji\Mozilla\Firefox\Profiles\brs192lm.default\extensions File not found (No name found) -- () (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{20CC25E2-48C9-45E1-9A1F-1CCC1882B81B}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI O1 HOSTS File: ([2011-06-26 13:18:04 | 000,435,284 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14981 more lines... O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [COMODO Internet Security] E:\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP) O4 - HKU\S-1-5-21-823518204-1993962763-1801674531-1003..\Run: [Gadu-Gadu 10] E:\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-823518204-1993962763-1801674531-1003..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Documents and Settings\Sandra\Menu Start\Programy\Autostart\TB-Tray.lnk = E:\Thunderbird-Tray\TBTray.exe (Felix 'SniperBeamer' Geyer) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - E:\office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.31.159.225 78.31.159.227 O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-04-25 21:16:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{539307bc-8bba-11e0-9ed9-00304f1fb276}\Shell\AutoRun\command - "" = G:\systemcheck.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-06-26 12:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Spybot - Search & Destroy [2011-06-26 12:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy [2011-06-23 18:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\Gadu-Gadu 10 [2011-06-23 18:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-06-23 18:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011-06-23 18:09:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl [2011-06-23 18:09:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2011-06-23 18:09:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2011-06-23 18:03:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2011-06-23 17:54:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2011-06-23 17:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\DAEMON Tools Lite [2011-06-23 17:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2011-06-07 10:50:22 | 000,000,000 | ---D | C] -- C:\output [2011-06-07 10:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\JPG2PDF [2011-05-31 21:34:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011-05-29 21:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\Nvu [2011-05-29 20:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\RJ TextEd [2011-05-21 00:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\psconvert [2011-05-13 07:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Ashampoo [2011-05-12 14:38:37 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2011-05-12 14:38:36 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2011-05-12 14:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\BESTplayer [2011-05-07 20:03:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2011-05-07 20:03:54 | 000,025,456 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039nd5.sys [2011-05-07 20:03:53 | 000,123,504 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039unic.sys [2011-05-07 20:03:53 | 000,010,992 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039cr.sys [2011-05-07 20:03:52 | 000,124,016 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039mdm.sys [2011-05-07 20:03:52 | 000,117,872 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039mgmt.sys [2011-05-07 20:03:52 | 000,113,904 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039obex.sys [2011-05-07 20:03:52 | 000,014,960 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039mdfl.sys [2011-05-07 20:03:52 | 000,012,528 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039cmnt.sys [2011-05-07 20:03:52 | 000,012,528 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039cm.sys [2011-05-07 20:03:51 | 000,098,672 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039bus.sys [2011-05-07 20:03:51 | 000,012,400 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039whnt.sys [2011-05-07 20:03:51 | 000,012,400 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1039wh.sys [2011-05-07 20:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson [2011-05-07 19:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2011-05-07 19:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2011-05-07 18:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011-05-07 18:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2011-05-04 13:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Hewlett-Packard [2011-05-04 11:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data [2011-05-04 11:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data [2011-05-04 11:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\PDF Annotator [2011-05-03 23:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Dane aplikacji\Avira [2011-05-03 15:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-06-30 23:20:04 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Sandra\NTUSER.DAT [2011-06-30 18:16:09 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2011-06-30 18:14:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-06-30 18:14:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-06-30 18:14:30 | 1341,710,336 | -HS- | M] () -- C:\hiberfil.sys [2011-06-30 13:09:11 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Sandra\ntuser.ini [2011-06-26 13:18:04 | 000,435,284 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011-06-25 11:23:35 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-06-25 03:46:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-06-24 13:39:11 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011-06-24 13:39:11 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-06-24 13:39:11 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-06-24 13:39:11 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-06-24 13:39:11 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-06-23 18:57:50 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\Sandra\Pulpit\Gadu-Gadu 10.lnk [2011-06-23 18:50:18 | 000,062,136 | ---- | M] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-06-23 18:25:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-06-23 18:02:49 | 000,251,152 | RHS- | M] () -- C:\ntldr [2011-06-23 17:08:41 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-06-06 16:13:42 | 006,924,334 | -H-- | M] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-06-01 22:22:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sandra\karta godzinowa.pdf [2011-05-31 00:28:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sandra\cs_patronat_black.pdf [2011-05-14 14:20:39 | 000,060,822 | ---- | M] () -- F:\internet.gif [2011-05-09 21:55:34 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2011-05-09 21:55:33 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2011-05-09 21:55:33 | 000,029,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2011-05-09 21:55:27 | 000,017,416 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys [2011-05-09 21:55:26 | 000,242,472 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [2011-05-09 19:15:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sandra\2131_0001.pdf [2011-05-07 20:04:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2011-05-07 19:51:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2011-05-04 13:50:20 | 000,131,238 | ---- | M] () -- C:\WINDOWS\hpdj3600.his [2011-05-04 13:50:20 | 000,010,011 | ---- | M] () -- C:\WINDOWS\hpdj3600.ini [2011-05-04 13:35:18 | 000,030,999 | ---- | M] () -- C:\WINDOWS\hpdj3600.hi1 [2011-05-04 13:35:18 | 000,004,743 | ---- | M] () -- C:\WINDOWS\hpdj3600.bu1 [2011-05-03 15:43:26 | 000,133,035 | ---- | M] () -- C:\WINDOWS\hpdj3600.hi2 [2011-05-03 15:43:26 | 000,010,183 | ---- | M] () -- C:\WINDOWS\hpdj3600.bu2 [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-23 18:57:50 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\Sandra\Pulpit\Gadu-Gadu 10.lnk [2011-06-23 18:57:22 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk [2011-06-01 22:22:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sandra\karta godzinowa.pdf [2011-05-31 00:28:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sandra\cs_patronat_black.pdf [2011-05-21 00:44:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll [2011-05-15 21:16:17 | 000,060,822 | ---- | C] () -- F:\internet.gif [2011-05-12 14:38:41 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011-05-12 14:38:36 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-05-12 14:38:35 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-05-12 14:38:35 | 000,000,590 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2011-05-10 00:32:52 | 006,924,334 | -H-- | C] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-05-09 19:15:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sandra\2131_0001.pdf [2011-05-07 20:04:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2011-05-07 19:51:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2011-05-04 13:48:30 | 000,133,035 | ---- | C] () -- C:\WINDOWS\hpdj3600.hi2 [2011-05-04 13:48:30 | 000,010,183 | ---- | C] () -- C:\WINDOWS\hpdj3600.bu2 [2011-05-04 13:34:35 | 000,030,999 | ---- | C] () -- C:\WINDOWS\hpdj3600.hi1 [2011-05-04 13:34:35 | 000,004,743 | ---- | C] () -- C:\WINDOWS\hpdj3600.bu1 [2011-05-04 13:13:44 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011-05-03 15:38:49 | 000,131,238 | ---- | C] () -- C:\WINDOWS\hpdj3600.his [2011-05-03 15:38:49 | 000,010,011 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2011-05-01 21:00:32 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI [2011-04-30 23:24:38 | 000,062,136 | ---- | C] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-04-30 03:49:06 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Sandra\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-04-27 23:41:57 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011-04-26 23:36:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-04-25 23:07:06 | 000,763,990 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011-04-25 23:07:05 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-04-25 23:03:50 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-04-25 21:19:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-04-25 21:16:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2011-04-25 21:15:39 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2011-04-25 21:15:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2011-04-25 21:13:25 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-04-25 21:13:18 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2011-04-25 21:13:18 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2011-04-25 21:12:39 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2011-04-25 21:12:38 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2004-08-04 00:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004-08-04 00:44:10 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2004-08-04 00:44:04 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2004-08-04 00:43:58 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2004-08-04 00:43:56 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2004-08-04 00:43:54 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2004-08-04 00:43:16 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2004-08-03 22:51:32 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2004-08-03 22:48:52 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2004-08-03 22:46:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2004-08-03 22:45:34 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2004-08-03 22:45:16 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2004-08-03 22:45:16 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2004-08-03 22:45:14 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2004-08-03 22:45:12 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004-07-17 11:46:14 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2004-07-17 11:34:48 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2001-10-26 21:29:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2001-10-26 21:29:32 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2001-10-26 21:28:34 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2001-10-26 21:27:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2001-10-26 20:15:16 | 000,355,486 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-10-26 20:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-10-26 20:15:16 | 000,049,492 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-10-26 20:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-10-26 20:15:10 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe [2001-10-26 20:15:08 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2001-10-26 20:15:08 | 000,003,260 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe [2001-10-26 20:15:04 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2001-10-26 20:14:58 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2001-10-26 20:14:56 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2001-10-26 20:14:54 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2001-10-26 20:14:54 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2001-10-26 20:14:52 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2001-10-26 20:14:50 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2001-10-26 20:14:48 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2001-10-26 20:14:46 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2001-10-26 20:14:42 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2001-10-26 20:14:38 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com [2001-10-26 20:14:34 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2001-10-26 20:14:32 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2001-10-26 20:12:52 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2001-10-26 19:45:26 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2001-10-26 19:45:26 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2001-10-26 19:45:24 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2001-10-26 19:45:10 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2001-10-26 19:42:08 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2001-10-26 19:42:08 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2001-10-26 19:42:08 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2001-10-26 19:42:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe [2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001-08-23 17:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 17:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-08-18 01:35:10 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2001-08-18 01:32:34 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2001-08-18 01:32:34 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2001-08-18 01:31:56 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2001-08-18 01:31:56 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2001-08-18 01:31:50 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2001-08-18 01:31:46 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2001-08-18 01:31:46 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2001-08-18 01:31:44 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2001-08-18 01:30:24 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-18 01:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-18 01:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-18 01:30:22 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-18 01:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-08-18 01:13:24 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2001-08-17 23:55:06 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2001-07-22 06:25:18 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2001-07-22 02:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-07-22 02:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-07-22 02:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001-07-22 02:16:20 | 000,000,477 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 02:15:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2001-07-22 02:15:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [color=#E56717]========== LOP Check ==========[/color] [2011-05-01 17:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2011-06-23 17:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2011-05-01 16:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FlashFXP [2011-06-23 18:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-04-30 02:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2011-04-30 02:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2011-06-23 18:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2011-05-01 17:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems [2011-05-13 07:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Ashampoo [2011-06-15 17:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\BESTplayer [2011-06-23 17:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\DAEMON Tools Lite [2011-04-26 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Foxit Software [2011-06-23 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Gadu-Gadu 10 [2011-05-01 18:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\GetRightToGo [2011-04-30 02:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Nokia [2011-04-25 21:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Nowe Gadu-Gadu [2011-05-29 21:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Nvu [2011-05-01 16:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Opera [2011-04-30 03:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\PC Suite [2011-06-17 14:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\RJ TextEd [2011-04-27 12:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Thunderbird [2011-05-01 17:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\Ulead Systems [2011-05-01 16:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Dane aplikacji\URSoft [2011-06-30 18:16:09 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2011-04-25 21:16:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011-04-25 21:10:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2011-04-25 21:16:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011-06-30 18:14:30 | 1341,710,336 | -HS- | M] () -- C:\hiberfil.sys [2011-06-23 16:16:22 | 000,048,733 | ---- | M] () -- C:\hpfr3600.log [2011-04-25 21:16:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-04-25 21:16:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2011-06-23 18:02:49 | 000,251,152 | RHS- | M] () -- C:\ntldr [2011-06-30 18:14:28 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sp3.cab:agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sp3.cab:atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2011-06-23 17:54:12 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sp3.cab:cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\ndis.sys [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CE11B51 < End of report > [/log] [log] OTL Extras logfile created on: 2011-06-30 23:25:03 - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = F:\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,25 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 46,48% Memory free 2,98 Gb Paging File | 2,32 Gb Available in Paging File | 77,88% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 27,70 Gb Free Space | 70,92% Space Free | Partition Type: NTFS Drive E: | 58,59 Gb Total Space | 56,46 Gb Free Space | 96,35% Space Free | Partition Type: NTFS Drive F: | 135,22 Gb Total Space | 116,90 Gb Free Space | 86,45% Space Free | Partition Type: NTFS Computer Name: SHAN-LEE | User Name: Sandra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- Reg Error: Key error. File not found .js [@ = ] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Classes\<extension>] .html [@ = ] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "E:\Nowe Gadu-Gadu\gg.exe" = E:\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}" = hp deskjet 3600 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution "{E9AA8EB9-FCD1-4829-AE3C-F2D211C67F42}" = Internet Explorer "{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Pakiet sterowników systemu Windows - Nokia Modem (10/07/2010 4.6) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "E5372C32E8562C76C24DBA6525002B1031495F34" = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 7.01.0.8) "Foxit Reader" = Foxit Reader "Gadu-Gadu 10" = Gadu-Gadu 10 "ie8" = Windows Internet Explorer 8 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń "IrfanView" = IrfanView (remove only) "JPG2PDF_is1" = JPG2PDF 2.0 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0 "Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl) "Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11) "Nokia PC Suite" = Nokia PC Suite "Nvu_is1" = Nvu 1.0 "Thunderbird-Tray" = Thunderbird-Tray "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "YU2010_is1" = Your Uninstaller! 2010 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-823518204-1993962763-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-05-17 04:55:12 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. Error - 2011-05-17 14:36:25 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. Error - 2011-05-17 17:23:59 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. Error - 2011-05-18 01:56:48 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. Error - 2011-05-18 15:08:55 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. Error - 2011-05-23 16:44:39 | Computer Name = SHAN-LEE | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca ALLPlayer.exe, wersja 4.6.6.9, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-05-23 16:51:30 | Computer Name = SHAN-LEE | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca ALLPlayer.exe, wersja 4.6.6.9, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-05-24 05:35:38 | Computer Name = SHAN-LEE | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd allupdate.exe, wersja 1.1.0.0, moduł powodujący błąd kernel32.dll, wersja 5.1.2600.3541, adres błędu 0x00012a6b. Error - 2011-06-02 16:23:39 | Computer Name = SHAN-LEE | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. Error - 2011-06-06 17:31:38 | Computer Name = SHAN-LEE | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca firefox.exe, wersja 2.0.1.4120, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 2011-06-24 12:34:38 | Computer Name = SHAN-LEE | Source = MRxSmb | ID = 8003 Description = Przeglądarka główna odebrała anons serwera z komputera AGNIESZK-58E2B4. Komputer ten zachowuje się tak, jakby był przeglądarką główną dla domeny w transporcie NetBT_Tcpip_{987D0364-CE6. Przeglądarka główna właśnie jest zatrzymywana albo wymuszany jest wybór. Error - 2011-06-25 09:00:58 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}. Przeglądarka zapasowa jest zatrzymywana. Error - 2011-06-25 17:45:14 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}. Przeglądarka zapasowa jest zatrzymywana. Error - 2011-06-25 19:55:22 | Computer Name = SHAN-LEE | Source = MRxSmb | ID = 8003 Description = Przeglądarka główna odebrała anons serwera z komputera DANIEL. Komputer ten zachowuje się tak, jakby był przeglądarką główną dla domeny w transporcie NetBT_Tcpip_{987D0364-CE66-4D21-83. Przeglądarka główna właśnie jest zatrzymywana albo wymuszany jest wybór. Error - 2011-06-27 16:03:53 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}. Przeglądarka zapasowa jest zatrzymywana. Error - 2011-06-28 07:27:27 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}. Przeglądarka zapasowa jest zatrzymywana. Error - 2011-06-29 06:14:29 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}. Przeglądarka zapasowa jest zatrzymywana. Error - 2011-06-29 17:05:47 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}. Przeglądarka zapasowa jest zatrzymywana. Error - 2011-06-30 07:09:12 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}. Przeglądarka zapasowa jest zatrzymywana. Error - 2011-06-30 12:23:00 | Computer Name = SHAN-LEE | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{987D0364-CE66-4D21-837C-B6C97AAD994F}. Przeglądarka zapasowa jest zatrzymywana. < End of report > [/log] [log] GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-07-01 13:38:56 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3250620A rev.3.AAF Running: wqrydduw.exe; Driver: C:\DOCUME~1\Sandra\USTAWI~1\Temp\pxlcypob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA983D8B2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA983CE48] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA983D518] SSDT B99A60D6 ZwCreateKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xA983CD28] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xA98401E0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA9840568] SSDT B99A60CC ZwCreateThread SSDT B99A60DB ZwDeleteKey SSDT B99A60E5 ZwDeleteValueKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xA983C51A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA983E864] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA983EABA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xA983FBF0] SSDT B99A60EA ZwLoadKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA983D110] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA983D6F4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xA983E116] SSDT B99A60B8 ZwOpenProcess SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xA983D3B4] SSDT B99A60BD ZwOpenThread SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xA983ECC8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xA983F11C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xA983EEDA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xA983E67C] SSDT B99A60F4 ZwReplaceKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA983F68C] SSDT B99A60EF ZwRestoreKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xA983F940] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA983DEEE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xA983FEE8] SSDT B99A60E0 ZwSetValueKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xA983D07A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xA983D2A0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xA983CB2A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA983C918] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 168 804E27D4 4 Bytes [64, E8, 83, A9] .text ntoskrnl.exe!_abnormal_termination + 170 804E27DC 4 Bytes [BA, EA, 83, A9] .text ntoskrnl.exe!_abnormal_termination + 395 804E2A01 3 Bytes [F9, 83, A9] .text ntoskrnl.exe!_abnormal_termination + 40C 804E2A78 4 Bytes [E8, FE, 83, A9] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe[236] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 100279D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 100279B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[276] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\wuauclt.exe[380] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[380] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[468] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[620] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[804] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe[928] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005166A0 E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0052E5C0 E:\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text E:\Avira\AntiVir Desktop\avshadow.exe[964] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avshadow.exe[964] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text E:\Thunderbird-Tray\TBTray.exe[1140] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] user32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] advapi32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] advapi32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 100279D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Thunderbird-Tray\TBTray.exe[1140] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 100279B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\spoolsv.exe[1336] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1336] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text E:\Avira\AntiVir Desktop\sched.exe[1384] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[1384] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1468] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text E:\Avira\AntiVir Desktop\avguard.exe[1636] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[1636] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text E:\java\bin\jqs.exe[1684] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\java\bin\jqs.exe[1684] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1880] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[1936] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe[1996] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074A730 E:\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\wscntfy.exe[2272] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2272] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\System32\alg.exe[2492] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2492] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2700] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 016C7E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 016BCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 016C7E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 016C7ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 016C7EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 016C7E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 016C74E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 016C7E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 016C7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 016C7490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 016C7DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 016C7DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 016C7E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 016C77A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 016C7530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 016C5680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 016BCF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 016C7D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 016C7CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 016C7A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 016C7D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 016C7D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 016C7AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 016C26F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016C3280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 016C7D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 016C7AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 016C7B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 016C7AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 016C7CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 016C7B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 016C7BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 016C7CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 016C7C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 016C7C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 016C7C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 016C7B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 016C7B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 016C7BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 016C7C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 016C7B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 016C7BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 016C7C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 016C7A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!WinExec + 3 7C862510 2 Bytes [E6, 84] {OUT 0x84, AL} .text E:\thunderbird\thunderbird.exe[2800] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 016C7D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 016C1220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 016C1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 016C7970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 016C7990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 016CDFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 016C79F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 016C7A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 016C7A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 016C7A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 016CE420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\thunderbird\thunderbird.exe[2800] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 016CE1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00F17E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00F0CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F17E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F17ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F17EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00F17E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00F174E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00F17E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00F17DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F17490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00F17DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00F17DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F17E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00F177A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00F17530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F15680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00F0CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00F17D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F17CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F17A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00F17D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F17D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F17AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F126F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F13280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F17D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F17AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00F17B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00F17AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F17CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00F17B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F17BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00F17CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00F17C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F17C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00F17C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00F17B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00F17B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00F17BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00F17C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00F17B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00F17BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00F17C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 00F17A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] kernel32.dll!WinExec + 3 7C862510 2 Bytes [6B, 84] .text E:\firefox\firefox.exe[3276] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00F17D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00F11220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00F11B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 00F17970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 00F17990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104AC3EA E:\firefox\xul.dll (Mozilla Foundation) .text E:\firefox\firefox.exe[3276] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00F1DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 00F179F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 00F17A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 00F17A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 00F17A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00F1E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\firefox\firefox.exe[3276] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 00F1E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text F:\Pobieranie\wqrydduw.exe[3720] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\Pobieranie\wqrydduw.exe[3720] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) ---- EOF - GMER 1.0.15 ---- [/log]
wirusolog komentarz 1 lipca 2011 komentarz 1 lipca 2011 (edytowane) W tych logach jest chyba czysto. Napisałem ,,chyba" bo niepokoi mnie ten wpis: [quote] [2011-05-15 21:16:17 | 000,060,822 | ---- | C] () -- F:\internet.gif [/quote] Rozumiem, że to jest *.gif , ale możliwe, że to jest właśnie jakiś śmietek (w systemie nie widać żadnego keyloggera) i on może szpiegować. Daje mini-skrypt do wykonania. [hr] [b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst: [code]:OTL O33 - MountPoints2\{539307bc-8bba-11e0-9ed9-00304f1fb276}\Shell\AutoRun\command - "" = G:\systemcheck.exe File not found (No name found) -- () (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{20CC25E2-48C9-45E1-9A1F-1CCC1882B81B}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI :Files C:\WINDOWS\tasks\WGASetup.job F:\internet.gif :Commands [resethosts] [emptyflash] [emptytemp][/code] Kliknij w [b]Wykonaj skrypt[/b]. Zatwierdź restart komputera. [b]2.[/b] [quote] O4 - HKU\S-1-5-21-823518204-1993962763-1801674531-1003..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) [/quote] Spybot Search & Destroy do deinstalacji. Program archaiczny, nieaktualizowany od ponad dwóch lat, o słabych właściwościach. Po deinstalacji już się nie skusić na ponowne instalowanie w przyszłości. Teraz spyware adresują nowoczesne antywirusy i Spybot to historia. [b]3.[/b] Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję [b]Skanuj[/b]. Pokazujesz nowe logi z OTL + raport z usuwania.
Shan-lee komentarz 1 lipca 2011 Autor komentarz 1 lipca 2011 Internet.gif to jest plik ktory ja sama z neta ściągnęłam.
wirusolog komentarz 1 lipca 2011 komentarz 1 lipca 2011 W takim razie skrypt będzie wyglądać tak: [code]:OTL O33 - MountPoints2\{539307bc-8bba-11e0-9ed9-00304f1fb276}\Shell\AutoRun\command - "" = G:\systemcheck.exe File not found (No name found) -- () (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{20CC25E2-48C9-45E1-9A1F-1CCC1882B81B}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI :Files C:\WINDOWS\tasks\WGASetup.job :Commands [resethosts] [emptyflash] [emptytemp][/code] Oczywiście, inne elementy są dalej na mocy.
Shan-lee komentarz 1 lipca 2011 Autor komentarz 1 lipca 2011 [log] All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{539307bc-8bba-11e0-9ed9-00304f1fb276}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{539307bc-8bba-11e0-9ed9-00304f1fb276}\ not found. File G:\systemcheck.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{539307bc-8bba-11e0-9ed9-00304f1fb276}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{539307bc-8bba-11e0-9ed9-00304f1fb276}\ not found. File G:\systemcheck.exe not found. ========== FILES ========== C:\WINDOWS\tasks\WGASetup.job moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: All Users User: Default User User: LocalService User: NetworkService User: Sandra ->Flash cache emptied: 10776 bytes Total Flash Files Cleaned = 0,00 mb Error: Unable to interpret <[emptytemp]OCUMENTS AND SETTINGS\SANDRA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\BRS192LM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI> in the current context! ========== FILES ========== File\Folder C:\WINDOWS\tasks\WGASetup.job not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: All Users User: Default User User: LocalService User: NetworkService User: Sandra ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 36890 bytes User: Sandra ->Temp folder emptied: 6522826 bytes ->Temporary Internet Files folder emptied: 41625166 bytes ->Java cache emptied: 1321632 bytes ->FireFox cache emptied: 601720918 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2134153 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 178568 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 623,00 mb OTL by OldTimer - Version 3.2.25.0 log created on 07012011_195153 Files\Folders moved on Reboot... Registry entries deleted on Reboot... [/log]
wirusolog komentarz 2 lipca 2011 komentarz 2 lipca 2011 (edytowane) Usunięte. Kroki końcowe: [b]1.[/b] Uruchom OTL i wciśnij [b]Sprzątanie[/b]. [b]2.[/b] Aktualizacja zabezpieczeń: [quote] "Mozilla Thunderbird (3.1.11)" = [b]Mozilla Thunderbird (3.1.11)[/b] "KLiteCodecPack_is1" = [b]K-Lite Mega Codec Pack 7.1.0[/b] "Adobe Flash Player Plugin" = [b]Adobe Flash Player 10 Plugin[/b] "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = [b]Java™ 6 Update 24[/b] [/quote] [list] [*]Do aktualizacji 32-bitowa wersja [url="http://www.oracle.com/technetwork/java/javase/downloads/index.html"][color="#0000FF"][b]Java 6 Update 26 (JRE)[/b][/color][/url] (Download JRE > wybór jednego z instalatorów o nazwie "Windows x86..."). [*]Nie jest tu widoczna wersja Flash, na wszelki wypadek podsuwam do aktualizacji [url="http://get.adobe.com/flashplayer/"][color="#0000FF"][b]Adobe Flash Player 10.3.181.34[/b][/color][/url]. Jeśli ma się odbyć aktualizacja w Firefox oraz Internet Explorer, stronę należy otworzyć dwa razy w każdej z przeglądarek z osobna. Nie dotyczy Google Chrome (ma własny wbudowany Flash). I Google Chrome - też nie widzę czy to aktualna wersja. [*]Kodeki tak samo, aktualizacja do wersji [url=http://www.dobreprogramy.pl/KLite-Codec-Pack,Program,Windows,13137.html][b][color=blue][u]7.20[/url][/b][/color][/u]. [*]Mozilla Thunderbird jest już w wersji [url=http://www.dobreprogramy.pl/Mozilla-Thunderbird,Program,Windows,13298.html][b][color=blue][u]5.0[/url][/b][/color][/u]. [/list] [b]3.[/b] Do wyczyszczenia punkty przywracania systemu: [url=http://www.searchengines.pl/Czyszczenie-punktow-przywracania-systemu-t141981.html][b][color="#0000FF"][u]LINK[/url][/b][/color][/u] [b]4.[/b] Zalecam [b]pełne skanowanie[/b] [url=http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][b][color="#0000FF"][u]MBAM[/url][/b][/color][/u] (po instalacji zaaktualizuj ręczne baze wirusów, usuń to co znajdzie i wklej raport końcowy). 1
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.