Aller au contenu

cbr1975

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    16

  • Inscription

  • Dernière visite

cbr1975's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. cbr1975
    Bonjour Mark, Après plus de 8 jours sans accès à internet, me revoilà. Il se trouve que j'ai toujours des problèmes avec ma barre des taches. Elle s'affiche mais n'est pas disponible avant 20 bonnes mm. J'ai le sablier si je veux ouvrir une appli via le bouton démarrer. Les dossiers et fichiers ouverts à partir du bureau ne s'affichent pas dans la barre des taches. Avant d'installer le pack SP3 manuellement, je suppose qu'il serait préférable de résoudre le problème de MAJ du fichier KB898461 avant. A+ Christelle
  2. cbr1975
    Les virus dont je parle sont ceux qui se trouvent en quarantaine. J'ai quand même fait un scan au cas où, résultat négatif. A +
  3. cbr1975
    Bonjour Mark, J'ai remis les clé de registre du 11/05, du 06/05/ et du 22/04. Depuis celle du 22, je n'ai visiblement plus de problème. Il ne me reste plus qu'à supprimer mes virus, corriger mon erreur de MAJ et installer SP3. Quand au reste, on verra après. Si tu a besoin de quoi que se soit ... Christelle
  4. cbr1975
    Bonsoir, Je ne peux pas te dire à quand remonte mes problèmes de barre des taches. Je doit dire que je ne m'en suis pas rendu compte tout de suite. En y réfléchissant, c'est vrai que ça pourrait venir d'un coût de Ccleaner. Je peux tenter de faire machine arrière sachant que je n'ai pas forcement toutes les sauvegardes. Je fait 1 sauvegarde alors que parfois je fais 2 ou 3 passages. Si tu sais comment faire ... Quant à SP3, effectivement je ne l'ai pas. Par contre, j'ai une MAJ qui ne se fait pas. C'est la KB898461, il y a une erreur lors de la copie du fichier spmsg.dll, impossible de copier le fichier vers le répertoire de destination. J'installerai SP3 dès que j'aurais ton feu vert. A+ Christelle
  5. cbr1975
    Je viens de voir que j'ai IE8. Je croyais être à la version 7. Ma fille qui est à "l'origine" du problème, m'a dit qu'elle avait vue le logo IE8 comme la pub. En principe, elle n'ait pas allée sur internet ce jour là. J'en doute sinon elle n'aurais pas vue de pub. Je suppose qu'elle a du faire une manip sans s'en rendre compte. Bref, je ne sais pas ce qu'il s'est passé. La seule chose sûre, c'est que les fichiers ont été mis en quarantaine juste avant que ma fille éteigne l'ordi. Sinon c'est bien moi qui ai installé IE8 si tu me dis qu'il est dispo depuis février. C'est possible puisque je nai pas remarque de changement. Bye
  6. cbr1975
    Bonjour Mark, T'inquiète pas pour le délai. Je suis pas la seule à avoir des problèmes. Tu dois avoir une vie (travail, famille ...) en dehors du site. Pour répondre à ta question : http://forum.zebulon.fr/style_emoticons/de...on_confused.gif euh ... c'est quoi le SP3 pour XP ? http://forum.zebulon.fr/style_emoticons/de...on_confused.gif Sinon, voici le rapport DDS : DDS (Ver_10-03-17.01) - FAT32x86 Run by Christelle at 15:29:50,26 on 19/05/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1023.430 [GMT 2:00] AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTCLE.EXE C:\Documents and Settings\Christelle\Mes documents\Téléchargements\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = hxxp://www.lavasoftnews.com/ms/display_main.php?tac=Alexa uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: {83DF922D-4B34-4997-8CD6-07750881DD69} - No File TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL TB: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [EPSON Stylus Photo RX585 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticle.exe /fu "c:\windows\temp\E_S15C.tmp" /EF "HKCU" uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [Disk Monitor] c:\program files\generic\usb card reader driver v1.9e3\Disk_Monitor.exe mRun: [Microsoft Works Update Detection] c:\program files\fichiers communs\microsoft shared\works shared\WkUFind.exe mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [VTTimer] VTTimer.exe mRun: [iSUSPM Startup] c:\progra~1\fichie~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\christ~1\menudé~1\progra~1\démarr~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {83DF922D-4B34-4997-8CD6-07750881DD69} - {83DF922D-4B34-4997-8CD6-07750881DD69} IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: laredoute.fr\www Trusted Zone: redoute.fr\mannequin DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204 DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} - hxxp://mannequin.redoute.fr/activex/Mannequin.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {E4066320-E4AE-11CF-B1B0-00AA00BBAD66} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\4cho2zh0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/|http://entreprise-fournier.fr/ FF - component: c:\documents and settings\christelle\application data\mozilla\firefox\profiles\4cho2zh0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll FF - plugin: c:\documents and settings\christelle\application data\mozilla\firefox\profiles\4cho2zh0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: c:\program files\mozilla firefox\plugins\npcnc32.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-1-12 164048] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-12 19024] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384] S2 IBG_gds_db;InterBase 7.5 Guardian gds_db;c:\program files\borland\interbase\bin\ibguard.exe -i "c:\program files\borland\interbase" -p gds_db --> c:\program files\borland\interbase\bin\ibguard.exe -i c:\program files\borland\InterBase [?] S2 MSSQL$EBP;SQL Server (EBP);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224] S3 Boonty Games;Boonty Games;c:\program files\fichiers communs\boonty shared\service\Boonty.exe [2006-11-3 69120] S3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\c4c_bsc2.sys --> c:\windows\system32\drivers\C4C_BSC2.sys [?] S3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\borland\interbase\bin\ibserver.exe -i "c:\program files\borland\interbase" -p gds_db --> c:\program files\borland\interbase\bin\ibserver.exe -i c:\program files\borland\InterBase [?] ============== File Associations =============== .txt= =============== Created Last 30 ================ 2010-05-12 05:13:16 0 d-sh--w- C:\FOUND.001 2010-05-11 06:59:56 15386 ----a-w- C:\cc_20100511_085955.reg 2010-05-07 16:06:06 0 d-----w- c:\docume~1\christ~1\applic~1\Malwarebytes 2010-05-07 16:05:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-07 16:05:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-05-07 16:05:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-07 16:05:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-06 15:12:41 0 d-----w- c:\program files\ZHPDiag 2010-05-06 11:38:59 0 d--h--w- C:\VritualRoot 2010-05-06 11:38:29 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO 2010-05-06 11:20:08 0 d-----w- c:\program files\Comodo 2010-05-06 11:20:08 0 d-----w- c:\docume~1\christ~1\applic~1\Comodo 2010-05-06 10:13:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader 2010-05-06 10:03:39 35714 ----a-w- C:\cc_20100506_120335.reg 2010-05-06 07:13:36 0 d-----w- c:\windows\Internet Logs 2010-05-06 06:52:28 0 d-sh--w- C:\FOUND.000 2010-05-05 18:36:50 177664 ------w- c:\windows\system32\dllcache\wintrust.dll 2010-05-05 18:36:05 86528 ------w- c:\windows\system32\dllcache\cabview.dll 2010-05-05 18:26:26 0 d-----w- c:\docume~1\christ~1\applic~1\CheckPoint 2010-05-05 18:25:43 0 d-----w- c:\program files\CheckPoint 2010-05-05 15:10:35 0 d-----w- c:\docume~1\christ~1\applic~1\QuickScan 2010-05-05 13:12:57 0 d-----w- c:\program files\fichiers communs\Scanner 2010-05-05 12:34:07 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-05-05 12:34:05 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-05-05 12:34:03 8192 ----a-w- c:\windows\system32\drivers\Changer.sys 2010-05-05 12:30:37 16 ----a-w- c:\docume~1\christ~1\applic~1\qvjsge.dat 2010-04-22 07:40:15 195424 ----a-w- C:\cc_20100422_094013.reg ==================== Find3M ==================== 2010-05-12 13:09:42 38422 ----a-w- c:\docume~1\christ~1\applic~1\wklnhst.dat 2010-05-05 18:53:28 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2010-03-10 06:16:48 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-10 06:16:48 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll 2010-03-02 09:04:04 565908 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-02 09:04:04 563042 ----a-w- c:\windows\system32\perfh040.dat 2010-03-02 09:04:04 108368 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-02 09:04:04 106672 ----a-w- c:\windows\system32\perfc040.dat 2010-02-24 12:31:30 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2008-10-07 07:53:20 774144 ----a-w- c:\program files\RngInterstitial.dll 2007-11-20 11:01:46 364521 ----a-w- c:\windows\inf\DRVDATA.BIN 2007-11-20 11:01:46 1233547 ----a-w- c:\windows\inf\DRVIDX.BIN 2004-08-09 21:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe 1998-09-29 11:56:48 10000 ----a-w- c:\windows\inf\unregpn.exe 2009-06-22 17:36:28 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys 2005-01-19 12:25:44 56 --sh--r- c:\windows\system32\F528341998.sys 2009-06-22 17:30:58 88 --sh--r- c:\windows\system32\98193428F5.sys ============= FINISH: 15:30:18,65 =============== Bonne lecture http://forum.zebulon.fr/style_emoticons/de...t/icon_wink.gif, Christelle
  7. cbr1975
    Bonjour Mark, As-tu une solution ou des testes à mes faire faire ? A+
  8. cbr1975
    Bonjour Mark, J'ai désinstaller Comodo. Ca n'a rien changer à mon problème de barre des taches. J'ai même passé Ccleaner sans amélioration. Dis moi ce que je peux faire de plus. Bye
  9. cbr1975
    Je tente. Je passe par ajout/suppression de programme du panneau de config ?
  10. cbr1975
    Est-ce à dire que mon problème serait résolu ? ou pas encore. Mes fichiers sont toujours en quarantaine dans Avast.
  11. cbr1975
    J'ai fais l'analyse avec MalwareBytes' Anti-Malware. Après la suppression des problèmes, il m'a demander de redémarrer mon PC pour terminer le travail. Je ne crois pas que Comodo soit en cause. Je l'ai installé hier ... quoi que ... je ne me rappelle pas si j'avais les problèmes au démarrage (20 mm d'attente avant de pouvoir utilisé le PC) avant son installation. Sinon, voici le rapport de MBAM : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4075 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 07/05/2010 18:24:47 mbam-log-2010-05-07 (18-24-47).txt Type d'examen: Examen rapide Elément(s) analysé(s): 161210 Temps écoulé: 11 minute(s), 44 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 5 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\pwwhjeod_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pwwhjeod_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully. C:\WINDOWS\system\INTERNAT.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system\DLLHOST.EXE (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. C:\WINDOWS\system\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. A+
  12. cbr1975
    Avast a du bloqué l'infection puisque les fichiers infectés son en quarantaine. Mes problèmes : uniquement au démarrage, "disparaissent" après plusieurs reboot - la barre des taches n'est pas disponible soit parce qu'elle n'est pas affichée soit parce qu'il y a le sablier (les applis du bureau sont accessibles) - les applis du bureau se bloquent (notamment la messagerie et le navigateur), n'apparaissent pas dans la barre des taches quand celle-ci n'est pas disponible. Je reboot plusieurs fois et quand j'en ai marre, je démarrare ma session et vais faire autre chose. Quand je reviens, il n'y a plus de problème.
  13. cbr1975
    J'ai oublier de désactiver mon anti-virus avant de lancer le sacn. Je l'ai laissé finir, dois-je recommencer ? Sinon, voici le rapport DDS : DDS (Ver_10-03-17.01) - FAT32x86 Run by Christelle at 9:43:06,43 on 07/05/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1023.354 [GMT 2:00] AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} ============== Running Processes =============== C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup SVCHOST.EXE SVCHOST.EXE C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe SVCHOST.EXE C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PSIService.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Christelle\Mes documents\Téléchargements\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = hxxp://www.lavasoftnews.com/ms/display_main.php?tac=Alexa uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: {83DF922D-4B34-4997-8CD6-07750881DD69} - No File TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL TB: HopSurf toolbar: {e9fab13d-4600-49e1-90d1-ee961c859d39} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll TB: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [EPSON Stylus Photo RX585 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticle.exe /fu "c:\windows\temp\E_S15C.tmp" /EF "HKCU" uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [Disk Monitor] c:\program files\generic\usb card reader driver v1.9e3\Disk_Monitor.exe mRun: [Microsoft Works Update Detection] c:\program files\fichiers communs\microsoft shared\works shared\WkUFind.exe mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [VTTimer] VTTimer.exe mRun: [iSUSPM Startup] c:\progra~1\fichie~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe" mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\christ~1\menudé~1\progra~1\démarr~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} IE: {83DF922D-4B34-4997-8CD6-07750881DD69} - {83DF922D-4B34-4997-8CD6-07750881DD69} IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll Trusted Zone: laredoute.fr\www Trusted Zone: redoute.fr\mannequin DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204 DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} - hxxp://mannequin.redoute.fr/activex/Mannequin.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab AppInit_DLLs: c:\windows\system32\guard32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {E4066320-E4AE-11CF-B1B0-00AA00BBAD66} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\4cho2zh0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/|http://entreprise-fournier.fr/ FF - component: c:\documents and settings\christelle\application data\mozilla\firefox\profiles\4cho2zh0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll FF - plugin: c:\documents and settings\christelle\application data\mozilla\firefox\profiles\4cho2zh0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: c:\program files\mozilla firefox\plugins\npcnc32.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-1-12 164048] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 225344] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 25240] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-12 19024] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384] R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744] R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-4-9 1769216] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384] S2 IBG_gds_db;InterBase 7.5 Guardian gds_db;c:\program files\borland\interbase\bin\ibguard.exe -i "c:\program files\borland\interbase" -p gds_db --> c:\program files\borland\interbase\bin\ibguard.exe -i c:\program files\borland\InterBase [?] S2 MSSQL$EBP;SQL Server (EBP);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224] S3 Boonty Games;Boonty Games;c:\program files\fichiers communs\boonty shared\service\Boonty.exe [2006-11-3 69120] S3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\c4c_bsc2.sys --> c:\windows\system32\drivers\C4C_BSC2.sys [?] S3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\borland\interbase\bin\ibserver.exe -i "c:\program files\borland\interbase" -p gds_db --> c:\program files\borland\interbase\bin\ibserver.exe -i c:\program files\borland\InterBase [?] ============== File Associations =============== .txt= =============== Created Last 30 ================ 2010-05-06 15:12:41 0 d-----w- c:\program files\ZHPDiag 2010-05-06 11:38:59 0 d--h--w- C:\VritualRoot 2010-05-06 11:38:29 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO 2010-05-06 11:20:08 0 d-----w- c:\program files\Comodo 2010-05-06 11:20:08 0 d-----w- c:\docume~1\christ~1\applic~1\Comodo 2010-05-06 10:13:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader 2010-05-06 10:03:39 35714 ----a-w- C:\cc_20100506_120335.reg 2010-05-06 07:13:36 0 d-----w- c:\windows\Internet Logs 2010-05-06 06:52:28 0 d-sh--w- C:\FOUND.000 2010-05-05 18:26:26 0 d-----w- c:\docume~1\christ~1\applic~1\CheckPoint 2010-05-05 18:25:43 0 d-----w- c:\program files\CheckPoint 2010-05-05 15:10:35 0 d-----w- c:\docume~1\christ~1\applic~1\QuickScan 2010-05-05 13:12:57 0 d-----w- c:\program files\fichiers communs\Scanner 2010-05-05 12:34:07 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-05-05 12:34:05 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-05-05 12:34:03 8192 ----a-w- c:\windows\system32\drivers\Changer.sys 2010-05-05 12:30:37 16 ----a-w- c:\docume~1\christ~1\applic~1\qvjsge.dat 2010-04-22 07:40:15 195424 ----a-w- C:\cc_20100422_094013.reg 2010-04-13 14:19:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software 2010-04-08 23:26:12 277240 ----a-w- c:\windows\system32\guard32.dll 2010-04-08 23:25:46 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2010-04-08 23:25:46 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2010-04-08 23:25:44 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys ==================== Find3M ==================== 2010-05-06 16:14:10 37992 ----a-w- c:\docume~1\christ~1\applic~1\wklnhst.dat 2010-05-05 18:53:28 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2010-03-02 09:04:04 565908 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-02 09:04:04 563042 ----a-w- c:\windows\system32\perfh040.dat 2010-03-02 09:04:04 108368 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-02 09:04:04 106672 ----a-w- c:\windows\system32\perfc040.dat 2010-02-12 09:03:04 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-12 04:36:04 100864 ----a-w- c:\windows\system32\dllcache\6to4svc.dll 2010-02-12 04:36:04 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 11:08:26 226880 ----a-w- c:\windows\system32\dllcache\tcpip6.sys 2008-10-07 07:53:20 774144 ----a-w- c:\program files\RngInterstitial.dll 2007-11-20 11:01:46 364521 ----a-w- c:\windows\inf\DRVDATA.BIN 2007-11-20 11:01:46 1233547 ----a-w- c:\windows\inf\DRVIDX.BIN 2004-08-09 21:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe 1998-09-29 11:56:48 10000 ----a-w- c:\windows\inf\unregpn.exe 2009-06-22 17:36:28 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys 2005-01-19 12:25:44 56 --sh--r- c:\windows\system32\F528341998.sys 2009-06-22 17:30:58 88 --sh--r- c:\windows\system32\98193428F5.sys ============= FINISH: 9:44:36,37 ===============
  14. cbr1975
    Bonjour Mark, En attendant le rapport DDS, voici celui de ZHPDiag que j'avais fait hiers à la suite de hijackthis : Rapport de ZHPDiag v1.25.1420 par Nicolas Coolman Run by Christelle at 06/05/2010 17:12:55 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 MFIE: Mozilla Firefox (3.6.3) ---\\ System Information Platform : Microsoft Windows XP (5.1.2600) Service Pack 2 Processor: x86 Family 6 Model 10 Stepping 0, AuthenticAMD Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 1023 MB (45% free) System drive C: has 17 GB (15%) free of 112 GB ---\\ Logged in mode Computer Name: ORDINATEUR-ACER User Name: Christelle Unselected Option: O1,O45,O61,O65 Logged in as Administrator ---\\ DOS/Devices A:\ Floppy drive, Flash card reader, USB Key (Not Inserted) C:\ Hard drive, Flash drive, Thumb drive (Free 17 Go of 112 Go) D:\ CD-ROM drive (Not Inserted) E:\ CD-ROM drive (Not Inserted) F:\ Floppy drive, Flash card reader, USB Key (Not Inserted) G:\ Floppy drive, Flash card reader, USB Key (Not Inserted) H:\ Floppy drive, Flash card reader, USB Key (Not Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) K:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK ---\\ Processus lancés [MD5.7418DC540608C9BAE4DFF58D2B427F63] - (.Neodio Corp. - Disk Monitor.) -- C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe [466944] [MD5.25D60F3CD198007541B422CD34E677CE] - (.Microsoft® Corporation - Détection Microsoft® Works Update.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe [50688] [MD5.053D8D245118BEA6E21E1812871F67BA] - (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184] [MD5.51F3C4FBEEF66CEBA7ABE43F4F5C1B69] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [81920] [MD5.3A0647BDED81DBE0BCBB51D70B22C9E0] - (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [149280] [MD5.8DE8DEFE523C005C5F88852E2493D67D] - (.ALWIL Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2790472] [MD5.466CE40EAA865752F4930A472563E4E1] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760] [MD5.DB1DB28467111A24664933AB8908CBCE] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [952768] [MD5.F8D68359931DAED84FEA3BEE9589C0B4] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2029456] [MD5.64E41E8FEE655B03E3F19DED21BA5118] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360] [MD5.90A84534D39468BE799807BED5187252] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.exe [182272] [MD5.896A1DB9A972AD2339C2E8569EC926D1] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088] [MD5.4451CC2275B04043EC2BCC757AF97291] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 8.0 (component).) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312] [MD5.44C47B8B923F83071EB14CCA57CEE361] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Ati2evxx.exe [303104] [MD5.2979B03D5382A602623C0535B16AB9C0] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) -- C:\WINDOWS\System32\svchost.exe [14336] [MD5.57E6D33E74C6D3F198890DB4933644A7] - (.ALWIL Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384] [MD5.C10D484A89EE0566D6A7B45A1D1F310C] - (.Macrovision - Macrovision RTS Service.) -- C:\WINDOWS\system32\drivers\CDAC11BA.exe [54784] [MD5.56139566E462C1FB1775E140D4EE6B22] - (.COMODO - COMODO livePCsupport Service.) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [148744] [MD5.8E0528204CA034CBC3AF65CF1831A4F4] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1769216] [MD5.9D6BF82FE50D55F20F8E10E0F6653886] - (.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\WINDOWS\system32\services.exe [111104] [MD5.B541F17CE162242478F02B4B22DBF204] - (.Borland Software Corporation - InterBase Server.) -- C:\Program Files\Borland\InterBase\bin\ibguard.exe [36864] [MD5.39133291CB607BDD87CFC565A4A1E7A5] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.684CE2A70EE23C38A8C12B60E6E26A6F] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [335872] [MD5.D07C9575726797B0E9069E1108A1C483] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224] [MD5.259AF82A0932EEA4F316F92DB94707B6] - (.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\System32\lsass.exe [13312] [MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.Pas de propriétaire - nTitles PSIService.) -- C:\WINDOWS\system32\PSIService.exe [177704] [MD5.DA81EC57ACD4CDC3D4C51CF3D409AF9F] - (.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe [57856] [MD5.D2B096CD2F56FAC6EEEED9A77DDF6DC8] - (.Microsoft Corporation - SQL Browser Service EXE.) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544] [MD5.54902536AAD0E9B99BC65F89C0CAF93F] - (.Microsoft Corporation - SQL Server VSS Writer.) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968] ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie ---\\ Internet Explorer URLSearchHook (R3) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18876 (longhorn_ie8_gdr.091218-1700)) -- C:\WINDOWS\system32\ieframe.dll ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} . (.Visicom Media Inc. - VMN Toolbar from http://toolbar.vmn.net.) -- C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) - {83DF922D-4B34-4997-8CD6-07750881DD69} . (.Pas de propriétaire - Pas de description.) -- O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} . (.Visicom Media Inc. - VMN Toolbar from http://toolbar.vmn.net.) -- C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} . (.Comodo Group, Inc. - HopSurf Toolbar.) -- C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) -- ---\\ Applications démarrées automatiquement par le registre (O4) O4 - HKLM\..\Run: [Disk Monitor] . (.Neodio Corp. - Disk Monitor.) -- C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] . (.Microsoft® Corporation - Détection Microsoft® Works Update.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [iSUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe O4 - HKLM\..\Run: [iSUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [avast5] . (.ALWIL Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - Global Startup: OpenOffice.org 3.1.lnk . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~4\Office12\EXCEL.exe ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} . (.not file.) - (.not file.) O9 - Extra button: AllMusicBox - {83DF922D-4B34-4997-8CD6-07750881DD69} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\IEToolbar\favicon.ico O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~4\Office12\REFBARH.ICO O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.) O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} . (.Comodo Group, Inc. - HopSurf Toolbar.) -- C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll ---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14) O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://GLOBAL.ACER.COM/ ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains\www] *.laredoute.fr ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\guard32.dll (.not file.) ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\System32\stobject.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) . (.Adobe Systems Incorporated - Adobe Photoshop Elements 8.0 (component).) - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: (Ati HotKey Poller) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast! Antivirus (avast! Antivirus) . (.ALWIL Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: C-DillaCdaC11BA (C-DillaCdaC11BA) . (.Macrovision - Macrovision RTS Service.) - C:\WINDOWS\system32\drivers\CDAC11BA.exe O23 - Service: COMODO livePCsupport Service (CLPSLS) . (.COMODO - COMODO livePCsupport Service.) - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) . (.Borland Software Corporation - InterBase Server.) - C:\Program Files\Borland\InterBase\bin\ibguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: ProtexisLicensing (ProtexisLicensing) . (.Pas de propriétaire - nTitles PSIService.) - C:\WINDOWS\system32\PSIService.exe ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Démarrage du programme de réglages.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Notification de mise à jour critique Windows.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{57ABA29A-0DC9-4A8E-B0B0-D663AC33A41E}.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{CB29D119-0619-410C-A654-1BEC73E7BB94}.job ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Personnalisation du navigateur - >{CB58DED6-4AF3-4080-9DF1-DEE72075169F} . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} . (.Adobe Systems, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Adobe\Director\SwDir.dll O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp.inf O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\fxsocm.inf O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r42.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx O40 - ASIC: Microsoft FrontPage Express - {E4066320-E4AE-11CF-B1B0-00AA00BBAD66} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\fpxpress.inf ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: COMODO Internet Security Sandbox Driver (cmdGuard) . (.COMODO - COMODO Internet Security Sandbox Driver.) - C:\Windows\system32\DRIVERS\cmdguard.sys O41 - Driver: COMODO Internet Security Helper Driver (cmdHlp) . (.COMODO - COMODO Internet Security Helper Driver.) - C:\Windows\system32\DRIVERS\cmdhlp.sys ---\\ Logiciels installés (O42) O42 - Logiciel: 7-Zip 4.65 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe Photoshop Elements 8.0 - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe Reader 9.3 - Français - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe SVG Viewer 3.0 - (.Adobe Systems, Inc..) [HKLM] O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] O42 - Logiciel: AlphaChess 3 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Anigames - (.Smoby Pl@yers.) [HKLM] O42 - Logiciel: Atlantis Quest fr - (.Boonty.) [HKLM] O42 - Logiciel: Azkend Deluxe - (.Zylom Games.) [HKLM] O42 - Logiciel: Ballistik fr - (.Boonty.) [HKLM] O42 - Logiciel: Big Kahuna Reef - (.Oberon Media.) [HKLM] O42 - Logiciel: Brain Challenge - (.Mindscape.) [HKLM] O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] O42 - Logiciel: COMODO Internet Security - (.COMODO Group Inc..) [HKLM] O42 - Logiciel: COMODO livePCsupport - (.COMODO.) [HKLM] O42 - Logiciel: Camera RAW Plug-In for EPSON Creativity Suite - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Carom3D - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Chuzzle - (.Oberon Media.) [HKLM] O42 - Logiciel: Comodo HopSurf - (.Comodo Security Solutions, Inc..) [HKLM] O42 - Logiciel: Complément Microsoft Word pour Microsoft Works Suite - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: DVD Solution - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] O42 - Logiciel: DivX Codec - (.DivX, Inc..) [HKLM] O42 - Logiciel: EPSON Attach To Email - (.SEIKO EPSON.) [HKLM] O42 - Logiciel: EPSON Copy Utility 3 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Easy Photo Print - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON File Manager - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Logiciel imprimante - (.SEIKO EPSON Corporation.) [HKLM] O42 - Logiciel: EPSON Scan - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Scan Assistant - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Stylus Photo RX585_RX610 Manuel - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Web-To-Page - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Entraîneur Cérébral 2 - (.Mindscape.) [HKLM] O42 - Logiciel: Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: FileZilla Client 3.2.8 - (.Pas de propriétaire.) [HKCU] O42 - Logiciel: GTK+ 2.4.7 runtime environment - (.Tor Lillqvist.) [HKLM] O42 - Logiciel: Generic USB Card Reader Driver v1.9e3 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Généatique 2010 - (.CDIP.) [HKLM] O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Java 2 Runtime Environment, SE v1.4.2_01 - (.Sun Microsystems, Inc..) [HKLM] O42 - Logiciel: Java 6 Update 17 - (.Sun Microsystems, Inc..) [HKLM] O42 - Logiciel: Je joue avec ma voix - (.Génération 5.) [HKLM] O42 - Logiciel: KeyView for Lotus 97 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: LameACM - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Le Roi Lion Insectovorace - (.Oberon Media.) [HKLM] O42 - Logiciel: Luxor - Amun Rising - (.Oberon Media.) [HKLM] O42 - Logiciel: Luxor 2 fr - (.Boonty.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MSXML 6 Service Pack 2 (KB954459) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Macromedia Flash Player 8 - (.Macromedia.) [HKLM] O42 - Logiciel: Micro Motus - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack - fra - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft .NET Framework SDK (French) 1.1 - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office 2003 Web Components - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office 2007 Primary Interop Assemblies - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Professional 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Small Business 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Small Business Connectivity Components - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Picture It! Photo Premium 9 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft SQL Server 2005 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (EBP) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft SQL Server 2005 Tools Express Edition - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft SQL Server Native Client - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft SQL Server VSS Writer - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual J# .NET Redistributable Package 1.1 - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 - fra - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Mozilla Firefox (3.6.3) - (.Mozilla.) [HKLM] O42 - Logiciel: Mozilla Thunderbird (2.0.0.24) - (.Mozilla.) [HKLM] O42 - Logiciel: Nathalie Brooks Secrets of Treasure House fr - (.Boonty.) [HKLM] O42 - Logiciel: Nvu 1.0 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: OpenOffice.org 3.1 - (.OpenOffice.org.) [HKLM] O42 - Logiciel: PC-Linq - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: PDF-XChange 4 - (.Tracker Software Products Ltd.) [HKLM] O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] O42 - Logiciel: Pakoombo Deluxe - (.Zylom Games.) [HKLM] O42 - Logiciel: PasswordTools - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Patiences et réussites 4 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Point de Croix - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: PowerDVD - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: PowerDirector - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: PowerProducer - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: QBz - (.Oberon Media.) [HKLM] O42 - Logiciel: Rainbow Mystery fr - (.Boonty.) [HKLM] O42 - Logiciel: Rainbow Web - (.Oberon Media.) [HKLM] O42 - Logiciel: S3 S3Display - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: S3 S3Gamma2 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: S3 S3Info2 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: S3 S3Overlay - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: SWiSH Max3 - (.SWiSHzone.com.) [HKLM] O42 - Logiciel: SafeCast Shared Components - (.Macrovision.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB973593) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB957789) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB969693) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] O42 - Logiciel: Slingo - (.Oberon Media.) [HKLM] O42 - Logiciel: Spin and Play - (.Oberon Media.) [HKLM] O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] O42 - Logiciel: Sveerz - (.Oberon Media.) [HKLM] O42 - Logiciel: Sélecteur d'installation de Microsoft Works 2004 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Tinos Fruit Stand - (.Oberon Media.) [HKLM] O42 - Logiciel: TriJinx fr - (.Boonty.) [HKLM] O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Update for Microsoft Office InfoPath 2007 (KB976416) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for Microsoft Office Word 2007 (KB974631) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb976884) - (.Microsoft.) [HKLM] O42 - Logiciel: Utilitaire d'échange EBP 1.0 - (.EBP.) [HKLM] O42 - Logiciel: V5385 Digital Camera Driver - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: VLC media player 0.9.9 - (.VideoLAN Team.) [HKLM] O42 - Logiciel: VMN Toolbar - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Venice Mystery fr - (.Boonty.) [HKLM] O42 - Logiciel: Version d'évaluation de Microsoft Office Professional 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Version d'évaluation de Microsoft Office Small Business 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Vitalize! - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] O42 - Logiciel: Windows XP Service Pack 2 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: World Class Solitaire - (.Oberon Media.) [HKLM] O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Zodiac - (.Oberon Media.) [HKLM] O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] O42 - Logiciel: king.com (remove only) - (.Midasplayer Ltd (king.com).) [HKLM] O42 - Logiciel: livebox - (.Pas de propriétaire.) [HKLM] ---\\ HKCU & HKLM Software Keys [HKCU\Software\7-Zip] [HKCU\Software\ALWIL Software] [HKCU\Software\AVS4YOU] [HKCU\Software\Addictive Software] [HKCU\Software\Adobe] [HKCU\Software\AlphaChess] [HKCU\Software\Ancestrologie] [HKCU\Software\AppDataLow] [HKCU\Software\Apperson and Daughters] [HKCU\Software\Apperson] [HKCU\Software\Applications WinDev] [HKCU\Software\BVRP Software] [HKCU\Software\Binary Noise] [HKCU\Software\BitDefender] [HKCU\Software\BitTorrent] [HKCU\Software\Borland] [HKCU\Software\Bsd Concept] [HKCU\Software\CDIP] [HKCU\Software\CORPUS] [HKCU\Software\Clickteam] [HKCU\Software\Clients] [HKCU\Software\ComodoGroup] [HKCU\Software\Comodo] [HKCU\Software\Corel] [HKCU\Software\Cronosoft] [HKCU\Software\CyberLink] [HKCU\Software\DAVID Gilles] [HKCU\Software\Dark Skull Software] [HKCU\Software\Developer Express] [HKCU\Software\DivXNetworks] [HKCU\Software\EBP] [HKCU\Software\ELCIA] [HKCU\Software\EPSON] [HKCU\Software\FRANCE TELECOM] [HKCU\Software\FUJIFILM] [HKCU\Software\FileZilla] [HKCU\Software\FreshDevices] [HKCU\Software\FreshGames] [HKCU\Software\GameHouse] [HKCU\Software\GamesBar] [HKCU\Software\GeneaNet] [HKCU\Software\Google] [HKCU\Software\Goto] [HKCU\Software\Grisoft] [HKCU\Software\HookNetwork] [HKCU\Software\IAV] [HKCU\Software\InstallShield] [HKCU\Software\Intel] [HKCU\Software\InterActive Vision] [HKCU\Software\InterTrust] [HKCU\Software\JEDI-VCL] [HKCU\Software\Jasc] [HKCU\Software\JavaSoft] [HKCU\Software\Kodak] [HKCU\Software\LDS Church] [HKCU\Software\LanConfig] [HKCU\Software\LitePC] [HKCU\Software\Local AppWizard-Generated Applications] [HKCU\Software\Macromedia] [HKCU\Software\MainConcept (Adobe2)] [HKCU\Software\Memoweb 4] [HKCU\Software\Micro Application] [HKCU\Software\Mindscape] [HKCU\Software\Monaco Gold Casino] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\Namo] [HKCU\Software\Netscape] [HKCU\Software\NewTech Infosystems] [HKCU\Software\Novell] [HKCU\Software\ODBC] [HKCU\Software\OXXOgames] [HKCU\Software\Oberon Media] [HKCU\Software\OpenOffice.org] [HKCU\Software\PC SOFT] [HKCU\Software\PDFCreator] [HKCU\Software\POWERARC] [HKCU\Software\Piriform] [HKCU\Software\Pointsoft] [HKCU\Software\Policies] [HKCU\Software\funkitron] [HKCU\Software\gst] [HKCU\Software\mozilla.org] [HKLM\Software\ALWIL Software] [HKLM\Software\ATI Technologies] [HKLM\Software\AVS4YOU] [HKLM\Software\Adobe] [HKLM\Software\Amigo] [HKLM\Software\AppDataLow] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Avance] [HKLM\Software\BackWeb] [HKLM\Software\BitTorrent] [HKLM\Software\Boonty] [HKLM\Software\Borland] [HKLM\Software\C07ft5Y] [HKLM\Software\CDDB] [HKLM\Software\CORPUS] [HKLM\Software\Canon] [HKLM\Software\CheckPoint] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\ComodoGroup] [HKLM\Software\CyberLink] [HKLM\Software\Debug] [HKLM\Software\Dekovir] [HKLM\Software\Disney] [HKLM\Software\DivXNetworks] [HKLM\Software\EBP] [HKLM\Software\ELCIA] [HKLM\Software\EPSON] [HKLM\Software\EURATEC] [HKLM\Software\FRANCE TELECOM] [HKLM\Software\FUJIFILM] [HKLM\Software\FileZilla 3] [HKLM\Software\FileZilla] [HKLM\Software\FotoNation] [HKLM\Software\FreshDevices] [HKLM\Software\FreshGames] [HKLM\Software\FullCircle] [HKLM\Software\GST] [HKLM\Software\GTK] [HKLM\Software\GTek] [HKLM\Software\Gemplus] [HKLM\Software\Google] [HKLM\Software\Grisoft] [HKLM\Software\Hulabee] [HKLM\Software\IGB] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Kodak] [HKLM\Software\LDS Church] [HKLM\Software\LastBit] [HKLM\Software\Licenses] [HKLM\Software\LitePC] [HKLM\Software\Macromedia] [HKLM\Software\Macrovision] [HKLM\Software\Micro Application] [HKLM\Software\MimarSinan] [HKLM\Software\Mindscape] [HKLM\Software\Monaco Gold Casino] [HKLM\Software\Mozilla Thunderbird] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NEOACT] [HKLM\Software\Novell] [HKLM\Software\Nullsoft] [HKLM\Software\ODBC] [HKLM\Software\OpenOffice.org] [HKLM\Software\PDFCreator] [HKLM\Software\PTECH] [HKLM\Software\Pervasive Software] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\PopCap] [HKLM\Software\Program Groups] [HKLM\Software\Prolific Technology Inc.] [HKLM\Software\Protexis] [HKLM\Software\RealNetworks] [HKLM\Software\Realtek Semiconductor Corp.] [HKLM\Software\Realtek] [HKLM\Software\Reflexive Entertainment] [HKLM\Software\RegisteredApplications] [HKLM\Software\RichFX] [HKLM\Software\S3] [HKLM\Software\SWiSHzone.com] [HKLM\Software\Safer Networking Limited] [HKLM\Software\Sage] [HKLM\Software\Sagem] [HKLM\Software\Schlumberger] [HKLM\Software\Secure] [HKLM\Software\Skunkstudios] [HKLM\Software\SmartDraw Software Inc.] [HKLM\Software\Sonic] [HKLM\Software\Stargaze Interactive] [HKLM\Software\SugarGames] [HKLM\Software\Sun Microsystems] [HKLM\Software\Symantec] [HKLM\Software\The Learning Company] [HKLM\Software\Tracker Software] [HKLM\Software\Verity] [HKLM\Software\Via4in1Driver] [HKLM\Software\VideoLAN] [HKLM\Software\Visicom Media] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\Windows] [HKLM\Software\Wise Solutions] [HKLM\Software\Xing Technology Corp.] [HKLM\Software\Zeb-Utility] [HKLM\Software\Zone Labs] [HKLM\Software\generation5] [HKLM\Software\mozilla.org] ---\\ Contenu des dossiers Fichiers Communs (O43) O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT O43 - CFD:Common File Directory ----D- C:\Program Files\JRE O43 - CFD:Common File Directory ----D- C:\Program Files\msn gaming zone O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne O43 - CFD:Common File Directory ----D- C:\Program Files\WindowsUpdate O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3 O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage O43 - CFD:Common File Directory ----D- C:\Program Files\xerox O43 - CFD:Common File Directory ----D- C:\Program Files\Uninstall Information O43 - CFD:Common File Directory ----D- C:\Program Files\ELCIA O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information O43 - CFD:Common File Directory ----D- C:\Program Files\CheckPoint O43 - CFD:Common File Directory ----D- C:\Program Files\PasswordTools O43 - CFD:Common File Directory ----D- C:\Program Files\Generic O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\SWiSH Max3 O43 - CFD:Common File Directory ----D- C:\Program Files\Comodo O43 - CFD:Common File Directory ----D- C:\Program Files\Java O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works Suite 2004 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office O43 - CFD:Common File Directory ----D- C:\Program Files\LameACM O43 - CFD:Common File Directory ----D- C:\Program Files\Nvu O43 - CFD:Common File Directory ----D- C:\Program Files\WinAncetre O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Picture It! 9 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server O43 - CFD:Common File Directory ----D- C:\Program Files\FileZilla FTP Client O43 - CFD:Common File Directory ----D- C:\Program Files\Zeb-Utility O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN O43 - CFD:Common File Directory ----D- C:\Program Files\vmntoolbar O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application O43 - CFD:Common File Directory ----D- C:\Program Files\IEToolbar O43 - CFD:Common File Directory ----D- C:\Program Files\Génération 5 O43 - CFD:Common File Directory ----D- C:\Program Files\DivX O43 - CFD:Common File Directory ----D- C:\Program Files\Google O43 - CFD:Common File Directory ----D- C:\Program Files\ToniArts O43 - CFD:Common File Directory ----D- C:\Program Files\FileZilla O43 - CFD:Common File Directory ----D- C:\Program Files\FreeFTP O43 - CFD:Common File Directory ----D- C:\Program Files\7-Zip O43 - CFD:Common File Directory ----D- C:\Program Files\i-Media O43 - CFD:Common File Directory ----D- C:\Program Files\MesFavoris O43 - CFD:Common File Directory ----D- C:\Program Files\mozilla.org O43 - CFD:Common File Directory ----D- C:\Program Files\Defraggler O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Thunderbird O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Small Business O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0 O43 - CFD:Common File Directory ----D- C:\Program Files\Geneatique2010 O43 - CFD:Common File Directory ----D- C:\Program Files\Tracker Software O43 - CFD:Common File Directory ----D- C:\Program Files\Grisoft O43 - CFD:Common File Directory ----D- C:\Program Files\TLC-Edusoft O43 - CFD:Common File Directory ----D- C:\Program Files\PC-Linq O43 - CFD:Common File Directory ----D- C:\Program Files\Wanadoo O43 - CFD:Common File Directory ----D- C:\Program Files\Borland O43 - CFD:Common File Directory ----D- C:\Program Files\Cnamoo O43 - CFD:Common File Directory ----D- C:\Program Files\Cnamoo.net O43 - CFD:Common File Directory ----D- C:\Program Files\DirectX O43 - CFD:Common File Directory ----D- C:\Program Files\greenstreet O43 - CFD:Common File Directory ----D- C:\Program Files\Kodak O43 - CFD:Common File Directory ----D- C:\Program Files\TeXnicCenter O43 - CFD:Common File Directory ----D- C:\Program Files\VNP Comp O43 - CFD:Common File Directory ----D- C:\Program Files\PowerArchiver O43 - CFD:Common File Directory ----D- C:\Program Files\orange O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox O43 - CFD:Common File Directory ----D- C:\Program Files\Real O43 - CFD:Common File Directory ----D- C:\Program Files\V5385 Digital Camera O43 - CFD:Common File Directory ----D- C:\Program Files\Verity O43 - CFD:Common File Directory ----D- C:\Program Files\Livecom O43 - CFD:Common File Directory ----D- C:\Program Files\BoontyGames O43 - CFD:Common File Directory ----D- C:\Program Files\BitTorrent O43 - CFD:Common File Directory ----D- C:\Program Files\Boonty O43 - CFD:Common File Directory ----D- C:\Program Files\Mes Jeux Téléchargés O43 - CFD:Common File Directory ----D- C:\Program Files\Readiris Pro 9 Demo O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner O43 - CFD:Common File Directory ----D- C:\Program Files\FDF O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Windows Script O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Messenger O43 - CFD:Common File Directory ----D- C:\Program Files\NewSoft O43 - CFD:Common File Directory ----D- C:\Program Files\PLUS! O43 - CFD:Common File Directory ----D- C:\Program Files\Publication Web O43 - CFD:Common File Directory ----D- C:\Program Files\QMgr O43 - CFD:Common File Directory ----D- C:\Program Files\Soft4Ever O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy O43 - CFD:Common File Directory ----D- C:\Program Files\SpywareBlaster O43 - CFD:Common File Directory ----D- C:\Program Files\SpywareGuard O43 - CFD:Common File Directory ----D- C:\Program Files\UIU O43 - CFD:Common File Directory ----D- C:\Program Files\WComptys O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR O43 - CFD:Common File Directory ----D- C:\Program Files\XnView O43 - CFD:Common File Directory ----D- C:\Program Files\Securitoo O43 - CFD:Common File Directory ----D- C:\Program Files\Smoby Players O43 - CFD:Common File Directory ----D- C:\Program Files\SAGEM O43 - CFD:Common File Directory ----D- C:\Program Files\FamilySearch O43 - CFD:Common File Directory ----D- C:\Program Files\Win Généalogic O43 - CFD:Common File Directory ----D- C:\Program Files\AlphaChess O43 - CFD:Common File Directory ----D- C:\Program Files\Neoact O43 - CFD:Common File Directory ----D- C:\Program Files\Mindscape O43 - CFD:Common File Directory ----D- C:\Program Files\SoftwarePassport O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0 O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild O43 - CFD:Common File Directory ----D- C:\Program Files\epson O43 - CFD:Common File Directory ----D- C:\Program Files\EPSON Print CD O43 - CFD:Common File Directory ----D- C:\Program Files\Zylom Games O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Motus O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET O43 - CFD:Common File Directory ----D- C:\Program Files\PDFCreator O43 - CFD:Common File Directory ----D- C:\Program Files\Macromedia O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\GTK O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Wise Installation Wizard O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\GST O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\memoweb O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Oberon Media O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Macrovision Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\BOONTY Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\PC SOFT O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ACD Systems O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adaptec Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Sage O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Vitalize O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ELCIA O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AVSMedia O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SWiSHzone.com O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe AIR O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Symantec Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Borland Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Scanner ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.00000000000000000000000000000000] - 06/05/2010 - 14:04:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1179970] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 06/05/2010 - 12:38:26 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.7B4CAB06554F60432AEA2F6540C3151F] - 06/05/2010 - 11:05:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\cc_20100506_120335.reg [35714] O44 - LFC:[MD5.CE26D2B47616C3409129AB809F51610A] - 05/05/2010 - 19:53:28 --HA- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\zllictbl.dat [4212] O44 - LFC:[MD5.C6302403D3C6BF45F99A6F21EEEE5D66] - 05/05/2010 - 18:52:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\entpack.ini [262] O44 - LFC:[MD5.340402AC4A365595685676A558BA4F6F] - 05/05/2010 - 18:52:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\EntPack.dat [445] O44 - LFC:[MD5.A1A53F00E858DD6721825674CDE16153] - 05/05/2010 - 14:29:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Cosmos.INI [1828] O44 - LFC:[MD5.CC50A66548C2F285BC8A7B0B8AA578E3] - 05/05/2010 - 13:34:07 ---A- . (.Toshiba Corp. - Toshiba Libretto floppy controller.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [34688] O44 - LFC:[MD5.7FD60B174D07FE3AA7B95BBE384FCC97] - 05/05/2010 - 11:11:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MAHJONGG.INI [41] O44 - LFC:[MD5.ED7F0EA70BF000490EFB68EA872F0004] - 03/05/2010 - 18:02:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [1158] O44 - LFC:[MD5.F55AA7EEEA047BB3D3A1912E277F3ACA] - 29/04/2010 - 09:44:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [448496] O44 - LFC:[MD5.212AAC3F83704936D87A51B8733D7D83] - 22/04/2010 - 08:42:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\cc_20100422_094013.reg [195424] O44 - LFC:[MD5.9501CE82389A3B51720E7B8A4B614216] - 16/04/2010 - 07:51:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CONFIG.NT [3121] O44 - LFC:[MD5.C3A7AC3D7C71DF622E2828A35ECB84A5] - 14/04/2010 - 17:47:24 ---A- . (.ALWIL Software - avast! Screen Saver stub.) -- C:\WINDOWS\System32\avastSS.scr [38848] O44 - LFC:[MD5.96D4272206C09E87DD043E6339BAFA21] - 14/04/2010 - 17:47:04 ---A- . (.ALWIL Software - avast! start-up scanner.) -- C:\WINDOWS\System32\aswBoot.exe [153184] O44 - LFC:[MD5.9E82102B7249EF33A1CC132F26AFEAC4] - 14/04/2010 - 17:35:48 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\WINDOWS\System32\drivers\aswTdi.sys [46672] O44 - LFC:[MD5.7DF85E2E544B505EE74D734A394E39C7] - 14/04/2010 - 17:35:26 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [162768] O44 - LFC:[MD5.9A2F01E6BCECE7A1A1F39846E392CD41] - 14/04/2010 - 17:31:40 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\WINDOWS\System32\drivers\aswRdr.sys [23376] O44 - LFC:[MD5.71A24FC1564C39CF834ACEC3396577E6] - 14/04/2010 - 17:31:12 ---A- . (.ALWIL Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon2.sys [100432] O44 - LFC:[MD5.098E3A9FFAE8CA693FAE7229F6E659B7] - 14/04/2010 - 17:31:10 ---A- . (.ALWIL Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon.sys [94800] O44 - LFC:[MD5.7F7135C14ED4FB190AA75CB1FD1F14E8] - 14/04/2010 - 17:31:02 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [19024] O44 - LFC:[MD5.94321612E022BAED249BF6BC2B9DDF9E] - 14/04/2010 - 17:30:46 ---A- . (.ALWIL Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\System32\drivers\aavmker4.sys [28880] O44 - LFC:[MD5.93981ACF218F06B4D98C995906F51852] - 09/04/2010 - 00:26:12 ---A- . (.COMODO - COMODO Internet Security.) -- C:\WINDOWS\System32\guard32.dll [277240] O44 - LFC:[MD5.508837E828309BD8444AE5C7550C2C17] - 09/04/2010 - 00:25:48 ---A- . (.COMODO - COMODO Internet Security Firewall Driver.) -- C:\WINDOWS\System32\drivers\inspect.sys [86800] O44 - LFC:[MD5.45A1F7D2890681F22406458D93D03CC1] - 09/04/2010 - 00:25:46 ---A- . (.COMODO - COMODO Internet Security Helper Driver.) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [25240] O44 - LFC:[MD5.EE8D7168CBBE3AF052EA93015F51ABE9] - 09/04/2010 - 00:25:46 ---A- . (.COMODO - COMODO Internet Security Sandbox Driver.) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [225344] O44 - LFC:[MD5.AE1C31D030A21F0AFABE2DF269D1181F] - 09/04/2010 - 00:25:44 ---A- . (.COMODO - COMODO Internet Security Eradication Driver.) -- C:\WINDOWS\System32\drivers\cmderd.sys [15464] ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ---\\ Export de clé d'application autorisée (ECAA) (O47) O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [Enabled] .(.Pas de propriétaire - .) (.not file.) -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O47 - AAKE:Key Export SP - "C:\Program Files\BitTorrent\bittorrent.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\BitTorrent\bittorrent.exe O47 - AAKE:Key Export SP - "C:\Program Files\Winamp Remote\bin\Orb.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Winamp Remote\bin\Orb.exe O47 - AAKE:Key Export SP - "C:\Program Files\Winamp Remote\bin\OrbTray.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe O47 - AAKE:Key Export SP - "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe O47 - AAKE:Key Export SP - "C:\Program Files\GeneWeb-4.09\gw\gwd.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\GeneWeb-4.09\gw\gwd.exe O47 - AAKE:Key Export SP - "C:\Program Files\GeneWeb-4.09\gw\gwsetup.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\GeneWeb-4.09\gw\gwsetup.exe O47 - AAKE:Key Export SP - "C:\Program Files\BoontyGames\Jeopardy\JEOPARDY!.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\BoontyGames\Jeopardy\JEOPARDY!.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\System32\fxsclnt.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\WINDOWS\System32\fxsclnt.exe O47 - AAKE:Key Export SP - "c:\Program Files\Microsoft Expression\Media 2\Media.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Microsoft Expression\Media 2\Media.exe O47 - AAKE:Key Export SP - "C:\PVSW\Bin\w3dbsmgr.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\PVSW\Bin\w3dbsmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\FreeFTP\FreeFTP.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\FreeFTP\FreeFTP.exe O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) (.not file.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe O47 - AAKE:Key Export SP - "C:\Program Files\Geneamania\mysql\bin\mysqld.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Geneamania\mysql\bin\mysqld.exe O47 - AAKE:Key Export SP - "C:\Program Files\Geneamania\apache\bin\httpd.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Geneamania\apache\bin\httpd.exe O47 - AAKE:Key Export SP - "C:\Program Files\GeneWeb Bases\gw-5.00\gw\gwsetup.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\GeneWeb Bases\gw-5.00\gw\gwsetup.exe O47 - AAKE:Key Export SP - "C:\Program Files\GeneWeb Bases\gw-5.00\gw\gwd.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\GeneWeb Bases\gw-5.00\gw\gwd.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "C:\PVSW\Bin\w3dbsmgr.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\PVSW\Bin\w3dbsmgr.exe ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.l3acm"="L3CODECA.ACM" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\L3CODECA.ACM O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax O52 - TDSD: \Drivers32\"msacm.iac2"="iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\System32\iac25_32.ax O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll O52 - TDSD: \Drivers32\"VIDC.VDOM"="vdowave.drv" . (.VDOnet LTD.. - vdowave.) -- C:\WINDOWS\System32\vdowave.drv O52 - TDSD: \Drivers32\"msacm.scg726"="scg726.acm" . (.SHARP Corporation - SHARP G.726 ACM Audio Decoder.) -- C:\WINDOWS\System32\scg726.acm O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll O52 - TDSD: \Drivers32\"vidc.yv12"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll O52 - TDSD: \Drivers32\"msacm.lameacm"="LameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\LameACM.acm O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\System32\iac25_32.ax O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"L3CODECA.ACM"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\L3CODECA.ACM O52 - TDSD: \drivers.desc\"vdowave.drv"="VDOnet VDOWave Video Codec" . (.VDOnet LTD.. - vdowave.) -- C:\WINDOWS\System32\vdowave.drv O52 - TDSD: \drivers.desc\"scg726.acm"="Sharp G.726 Audio Decoder" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.8.0 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"LameACM.acm"="LameACM" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\LameACM.acm ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"= O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoSMConfigurePrograms"=1 O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1 O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoSMConfigurePrograms"=1 ---\\ Liste des Drivers Système (SDL) (O58) O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 19:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 19:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 28/08/2001 - 19:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 28/08/2001 - 19:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 28/08/2001 - 19:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 28/08/2001 - 19:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 28/08/2001 - 19:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 19:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys O58 - SDL:[MD5.098E3A9FFAE8CA693FAE7229F6E659B7] - 14/04/2010 - 17:31:10 ---A- . (.ALWIL Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys O58 - SDL:[MD5.293BCAF4EF7AFCC4B00D28F75C420356] - 05/09/2003 - 05:58:24 ---A- . (.THOMSON - WAN Driver.) -- C:\WINDOWS\system32\drivers\alcan5wn.sys O58 - SDL:[MD5.08F60F40D1A2A95A1F12EDDBD9F25C1C] - 03/11/2006 - 20:49:46 ---A- . (.Macrovision Europe Ltd - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS O58 - SDL:[MD5.71A24FC1564C39CF834ACEC3396577E6] - 14/04/2010 - 17:31:12 ---A- . (.ALWIL Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys O58 - SDL:[MD5.8A5E67FC653CA3EB46C60C3C8F26EF04] - 21/06/2000 - 18:09:56 ---A- . (.Hewlett-Packard Company - USB Driver.) -- C:\WINDOWS\system32\drivers\HPZUSB00.SYS O58 - SDL:[MD5.509B6D9811DD10F1998B8B8A8ACC1BD4] - 01/08/2004 - 07:09:24 ---A- . (.OrangeWare Corporation - USB 2.0 Hub Driver.) -- C:\WINDOWS\system32\drivers\ousb2hub.sys O58 - SDL:[MD5.C5286BD64FC2E4550820E92290D2BC90] - 01/08/2004 - 07:09:24 ---A- . (.OrangeWare Corporation - USB 2.0 Enhanced Host Controller Driver.) -- C:\WINDOWS\system32\drivers\ousbehci.sys O58 - SDL:[MD5.153D02480A0A2F45785522E814C634B6] - 16/06/2008 - 02:00:00 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys O58 - SDL:[MD5.7DF85E2E544B505EE74D734A394E39C7] - 14/04/2010 - 17:35:26 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys O58 - SDL:[MD5.8B0B3474A8DA1AB41050637CF34C0959] - 04/08/2003 - 19:14:34 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys O58 - SDL:[MD5.59A5283CCC889FB41CB72BFC58E82B7D] - 20/07/2003 - 09:26:30 ---A- . (.ATI Technologies Inc. - ATI Radeon Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys O58 - SDL:[MD5.7F7135C14ED4FB190AA75CB1FD1F14E8] - 14/04/2010 - 17:31:02 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys O58 - SDL:[MD5.94321612E022BAED249BF6BC2B9DDF9E] - 14/04/2010 - 17:30:46 ---A- . (.ALWIL Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys O58 - SDL:[MD5.0D856D16C08440BFB566D6CDD9948D4E] - 12/03/2008 - 02:00:00 ---A- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdralw2k.sys O58 - SDL:[MD5.9714B7C918C6543D69074EC101F86AC4] - 12/03/2008 - 02:00:00 ---A- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys O58 - SDL:[MD5.9E82102B7249EF33A1CC132F26AFEAC4] - 14/04/2010 - 17:35:48 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys O58 - SDL:[MD5.9A2F01E6BCECE7A1A1F39846E392CD41] - 14/04/2010 - 17:31:40 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys O58 - SDL:[MD5.4B039BBD037B01F5DB5A144C837F283A] - 02/07/2003 - 03:42:00 ---A- . (.VIA Technologies, Inc. - VIA NT AGP Filter.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS O58 - SDL:[MD5.1475A9533649935A048EA5E27F8C3B37] - 07/05/2006 - 06:30:00 ---A- . (.SafeNet, Inc. - Sentinel USB Security Device Driver.) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS O58 - SDL:[MD5.BDB16789E789F087B43B5F75032D4FDC] - 05/09/2003 - 05:58:22 ---A- . (.THOMSON - WDM Driver.) -- C:\WINDOWS\system32\drivers\alcaudsl.sys O58 - SDL:[MD5.AE1C31D030A21F0AFABE2DF269D1181F] - 09/04/2010 - 00:25:44 ---A- . (.COMODO - COMODO Internet Security Eradication Driver.) -- C:\WINDOWS\system32\drivers\cmderd.sys O58 - SDL:[MD5.CD86A348FC4016842DBD5AC7398FB48D] - 23/09/2003 - 08:09:00 ---A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS O58 - SDL:[MD5.A9355A51698F6901B362EF738B15631D] - 23/09/2003 - 08:03:00 ---A- . (.Sensaura Ltd - Sensaura WDM 3D Audio Driver.) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS O58 - SDL:[MD5.CC50A66548C2F285BC8A7B0B8AA578E3] - 03/08/2004 - 21:59:34 ---A- . (.Toshiba Corp. - Toshiba Libretto floppy controller.) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys O58 - SDL:[MD5.E8C619C6C6BDE90D130DDA87150E1944] - 02/10/2003 - 19:04:00 ---A- . (.Copyright © VIA/S3 Graphics, Inc. - VIA/S3G Miniport Driver.) -- C:\WINDOWS\system32\drivers\vtmini.sys O58 - SDL:[MD5.2F4B3C0E58D4A7BD8E38D1CD9CA47691] - 08/01/2001 - 08:53:24 ---A- . (.Pas de propriétaire - PC-Linq Bridge Cable.) -- C:\WINDOWS\system32\drivers\usbbc.sys O58 - SDL:[MD5.EE8D7168CBBE3AF052EA93015F51ABE9] - 09/04/2010 - 00:25:46 ---A- . (.COMODO - COMODO Internet Security Sandbox Driver.) -- C:\WINDOWS\system32\drivers\cmdGuard.sys O58 - SDL:[MD5.45A1F7D2890681F22406458D93D03CC1] - 09/04/2010 - 00:25:46 ---A- . (.COMODO - COMODO Internet Security Helper Driver.) -- C:\WINDOWS\system32\drivers\cmdhlp.sys O58 - SDL:[MD5.508837E828309BD8444AE5C7550C2C17] - 09/04/2010 - 00:25:48 ---A- . (.COMODO - COMODO Internet Security Firewall Driver.) -- C:\WINDOWS\system32\drivers\inspect.sys O58 - SDL:[MD5.15A72D5B8F0B6A718207F14BD5EBB8FF] - 24/02/2004 - 13:37:14 ---A- . (.NewTech Infosystems, Inc. - NTI CD-ROM Filter Driver.) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys O58 - SDL:[MD5.C68E5DFBDAFE5C9FA1F7B3670D1F35BF] - 05/09/2003 - 05:58:12 ---A- . (.THOMSON - Helper.) -- C:\WINDOWS\system32\drivers\alcacr.sys O58 - SDL:[MD5.908F76685A9667007028CD998B7912AE] - 05/09/2003 - 05:58:18 ---A- . (.THOMSON - Helper.) -- C:\WINDOWS\system32\drivers\alcawh.sys O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys O58 - SDL:[MD5.CEEF86CB35ABE95C40A88784F5B631AD] - 04/08/2003 - 13:22:44 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\pcandis5.sys O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 28/08/2002 - 20:23:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys O58 - SDL:[MD5.EC342DC503DECDD7127804EF6176FE1C] - 22/06/2009 - 18:36:28 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\KGyGaAvL.sys O58 - SDL:[MD5.5DF90CE2D6B193B0626B970C82216D21] - 19/01/2005 - 13:25:44 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\F528341998.sys O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys O58 - SDL:[MD5.A4C5B42B8BBE51140EB08E08CCCB8795] - 22/06/2009 - 18:30:58 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\98193428F5.sys ---\\ Recherche heuristique Magic.control (HSMI) (O59) O59 - HSMI:Heuristic Search MagicControl Infection - C:\WINDOWS\system32\pwwhjeod_nav.dat O59 - HSMI:Heuristic Search MagicControl Infection - C:\WINDOWS\system32\pwwhjeod_navps.dat O59 - HSMI:Heuristic Search MagicControl Infection - C:\WINDOWS\system32\pwwhjeod_navtmp.dat O59 - HSMI:Heuristic Search MagicControl Infection - C:\windows\pack.epk ---\\ Liste des outils de nettoyage (LATC) (O63) O63 - Logiciel: ZHPDiag 1.25 - (.Nicolas Coolman.) ---\\ Liste des services Legacy (LALS) (O64) O64 - Services: CurCS - (.not file.) - avast! Asynchronous Virus Monitor (Aavmker4) .(.Pas de propriétaire - Pas de description.) - LEGACY_AAVMKER4 O64 - Services: CurCS - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe - Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) .(.Adobe Systems Incorporated - Adobe Photoshop Elements 8.0 (component).) - LEGACY_ADOBEACTIVEFILEMONITOR8.0 O64 - Services: CurCS - (.not file.) - aswFsBlk (aswFsBlk) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWFSBLK O64 - Services: CurCS - (.not file.) - avast! Standard Shield Support (aswMon2) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWMON2 O64 - Services: CurCS - (.not file.) - aswRdr (aswRdr) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWRDR O64 - Services: CurCS - (.not file.) - avast! Self Protection (aswSP) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWSP O64 - Services: CurCS - (.not file.) - avast! Network Shield Support (aswTdi) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWTDI O64 - Services: CurCS - C:\WINDOWS\System32\Ati2evxx.exe - Ati HotKey Poller (Ati HotKey Poller) .(.Pas de propriétaire - Pas de description.) - LEGACY_ATI_HOTKEY_POLLER O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Antivirus (avast! Antivirus) .(.ALWIL Software - avast! Service.) - LEGACY_AVAST!_ANTIVIRUS O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Mail Scanner (avast! Mail Scanner) .(.ALWIL Software - avast! Service.) - LEGACY_AVAST!_MAIL_SCANNER O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Web Scanner (avast! Web Scanner) .(.ALWIL Software - avast! Service.) - LEGACY_AVAST!_WEB_SCANNER O64 - Services: CurCS - (.not file.) - AVG7 Wrap Driver (Avg7RsW) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVG7RSW O64 - Services: CurCS - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe - Boonty Games (Boonty Games) .(.BOONTY - System Level Service Utility.) - LEGACY_BOONTY_GAMES O64 - Services: CurCS - C:\WINDOWS\system32\drivers\CDAC11BA.exe - C-DillaCdaC11BA (C-DillaCdaC11BA) .(.Macrovision - Macrovision RTS Service.) - LEGACY_C-DILLACDAC11BA O64 - Services: CurCS - C:\WINDOWS\system32\drivers\CdaC15BA.sys - CdaC15BA (CdaC15BA) .(.Macrovision Europe Ltd - Macrovision SECURITY Driver.) - LEGACY_CDAC15BA O64 - Services: CurCS - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe - COMODO livePCsupport Service (CLPSLS) .(.COMODO - COMODO livePCsupport Service.) - LEGACY_CLPSLS O64 - Services: CurCS - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe - COMODO Internet Security Helper Service (cmdAgent) .(.Pas de propriétaire - Pas de description.) - LEGACY_CMDAGENT O64 - Services: CurCS - C:\Windows\system32\DRIVERS\cmdguard.sys - COMODO Internet Security Sandbox Driver (cmdGuard) .(.COMODO - COMODO Internet Security Sandbox Driver.) - LEGACY_CMDGUARD O64 - Services: CurCS - C:\Windows\system32\DRIVERS\cmdhlp.sys - COMODO Internet Security Helper Driver (cmdHlp) .(.COMODO - COMODO Internet Security Helper Driver.) - LEGACY_CMDHLP O64 - Services: CurCS - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH O64 - Services: CurCS - (.not file.) - Symantec Eraser Control driver (eeCtrl) .(.Pas de propriétaire - Pas de description.) - LEGACY_EECTRL O64 - Services: CurCS - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - FLEXnet Licensing Service (FLEXnet Licensing Service) .(.Acresso Software Inc. - Activation Licensing Service.) - LEGACY_FLEXNET_LICENSING_SERVICE O64 - Services: CurCS - (.not file.) - Fsks (Fsks) .(.Pas de propriétaire - Pas de description.) - LEGACY_FSKS O64 - Services: CurCS - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe - InstallDriver Table Manager (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT O64 - Services: CurCS - C:\Windows\system32\DRIVERS\inspect.sys - COMODO Internet Security Firewall Driver (Inspect) .(.COMODO - COMODO Internet Security Firewall Driver.) - LEGACY_INSPECT O64 - Services: CurCS - (.not file.) - ZoneAlarm Toolbar ISWKL (ISWKL) .(.Pas de propriétaire - Pas de description.) - LEGACY_ISWKL O64 - Services: CurCS - (.not file.) - ZoneAlarm Toolbar IswSvc (IswSvc) .(.Pas de propriétaire - Pas de description.) - LEGACY_ISWSVC O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - (.not file.) - kl1 (kl1) .(.Pas de propriétaire - Pas de description.) - LEGACY_KL1 O64 - Services: CurCS - (.not file.) - Kaspersky Lab Driver (KLIF) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLIF O64 - Services: CurCS - (.not file.) - MASPINT (MASPINT) .(.Pas de propriétaire - Pas de description.) - LEGACY_MASPINT O64 - Services: CurCS - (.not file.) - mountmgr (mountmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS O64 - Services: CurCS - (.not file.) - PartMgr (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR O64 - Services: CurCS - (.not file.) - PCANDIS5 NDIS Protocol Driver (PCANDIS5) .(.Pas de propriétaire - Pas de description.) - LEGACY_PCANDIS5 O64 - Services: CurCS - C:\WINDOWS\system32\PSIService.exe - ProtexisLicensing (ProtexisLicensing) .(.Pas de propriétaire - nTitles PSIService.) - LEGACY_PROTEXISLICENSING O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP O64 - Services: CurCS - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS O64 - Services: CurCS - (.not file.) - Teefer for NT (Teefer) .(.Pas de propriétaire - Pas de description.) - LEGACY_TEEFER O64 - Services: CurCS - (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE O64 - Services: CurCS - (.not file.) - Tones (Tones) .(.Pas de propriétaire - Pas de description.) - LEGACY_TONES O64 - Services: CurCS - (.not file.) - Gestionnaire de téléchargement (uploadmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_UPLOADMGR O64 - Services: CurCS - (.not file.) - V124 (V124) .(.Pas de propriétaire - Pas de description.) - LEGACY_V124 O64 - Services: CurCS - (.not file.) - vsdatant (vsdatant) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSDATANT O64 - Services: CurCS - (.not file.) - TrueVector Internet Monitor (vsmon) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSMON O64 - Services: CurCS - (.not file.) - wpsdrvnt (wpsdrvnt) .(.Pas de propriétaire - Pas de description.) - LEGACY_WPSDRVNT ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <Mozilla.exe> <>[HKLM\..\Shell\open\Command] (.Pas de propriétaire - Pas de description.) -- (.Not Key.) (.not file.) O68 - StartMenuInternet: <WOOBrowser.exe> <>[HKLM\..\Shell\open\Command] (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe (.not file.) ---\\ Search Browser Infection (SBI) (O69) ---\\ Recherche d'infection Master Boot Record (O80) Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net Run by Christelle at 06/05/2010 17:14:00 device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS kernel: MBR read successfully user & kernel MBR OK ---\\ Infection BT - BHO/Toolbar (Possible) O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} . (.not file.) - (.not file.) [HKCU\Software\GamesBar] End of the scan (1012 lines in 01mn 04s) Ce que j'ai fait d'autre : un peu de place en supprimant quelques dossiers et en passant Ccleaner (avec l'option 35 passages) et installer Comodo en désactivant le firewall windows. Avant ça j'avais fait un scan en ligne avec Bitdefender et un autre avec mon propre antivirus Avast (résultat négatif dans les 2 cas). Les scans que tu a demandé hier ont été rapides. C'est le redémarrage de mon ordi qui a été long. J'avais eu "la bonne idée" de mettre l'option scan des fichiers à leur ouverture dans mon antivirus. A+
  15. cbr1975
    Bonsoir Mark, Merci de ton aide. J'ai fait ce que tu demandais. Résultat fichier Ark.txt : GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-05-06 17:56:19 Windows 5.1.2600 Service Pack 2 Running: vj8ec5tr.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\pwkyquog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB2FD4226] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB2D2AC08] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB2FD37CA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB2FD3E8C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB2D2AAC4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB2FD36A6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB2FD67BA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB2FD6B50] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB2FD31EA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB2D2B078] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB2D2AFA2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB2D2A69A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB2FD512C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB2FD536A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB2FD63F6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB2FD3A66] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB2FD4068] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB2D2AB9E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB2D2A5DA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB2FD3D16] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB2D2A63E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB2FD5552] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB2FD5916] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB2D2ACBE] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB2D2B146] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB2FD5E8A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB2D2AC7E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB2FD613E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB2FD4842] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB2FD65C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB2D2ADFE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB2FD3A00] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB2FD3C02] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB2FD3544] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB2FD33EA] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP B2D3497E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1132 5 Bytes JMP B2D334AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF73CA870] ? C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\mbr.sys Le fichier spécifié est introuvable. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jusched.exe[252] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[700] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[756] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 006E7F00 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\Ati2evxx.exe[808] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[892] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[976] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 004EF2F0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[996] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1024] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] shell32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] shell32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] shell32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] shell32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] wininet.dll!InternetConnectA 404BDEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] wininet.dll!InternetConnectW 404BF862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1180] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1352] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1760] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1880] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2028] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] shell32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] shell32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] shell32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] shell32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PSIService.exe[2080] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2348] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] shell32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] shell32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] shell32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] shell32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[3024] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3120] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 100255D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) ---- EOF - GMER 1.0.15 ---- Résultat 2ème rapport : C:\Documents and Settings\Christelle\Mes documents\T‚l‚chargements\HAMeb_check.exe 06/05/2010 at 21:06:08,70 Compteÿ: actif Non Appartient aux groupes locaux ~~ Checking profile list ~~ No HelpAssistant profile in registry ~~ Checking for HelpAssistant directories ~~ none found ~~ Checking mbr ~~ Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS kernel: MBR read successfully user & kernel MBR OK ~~ Checking for termsrv32.dll ~~ termsrv32.dll was not found HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll ~~ Checking firewall ports ~~ [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] ~~ EOF ~~ Désolée, de ne pas t'avoir donné les résultat plus tôt. J'ai eu un problème de mémoire. J'ai du redémarrer mon PC. C'était en oubliant que j'avais paramétré Avast pour qu'il scan au démarrage : plus de 2 h pour redémarrer, génial ! A+
×
×
  • Créer...