Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Fichier mis en quarantaine, virus Win32:Qandr [Rtk]

cbr1975
 Partager

Messages recommandés

cbr1975 Junior Member

cbr1975

Posté(e)
Posté(e)

Bonjour à tous,

 

Avast a mis en quarantaine un certain nombre de fichiers. La plus part pour le virus Win32:Qandr [Rtk] dans les fichiers c:\WINDOWS\system32\drivers (58 fichiers dont 2 sous system32 uniquement), 1 autre pour Win32:Malware-gen dans le dossier Temp de Local Setting, 1 autre pour VBS:Malware-gen dans Program Files\Mozilla Firefox et le dernier pour JS:Jaderun-A [Expl] dans TemporaryInternetFiles\Content.IE5\IKXKUP2U.

 

J'ai fais un scan avec hijackthis, voici le rapport :

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:05:53, on 06/05/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Christelle\Mes documents\Téléchargements\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoftnews.com/ms/display_main.php?tac=Alexa

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {83DF922D-4B34-4997-8CD6-07750881DD69} - (no file)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\WINDOWS\TEMP\E_S15C.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: AllMusicBox - {83DF922D-4B34-4997-8CD6-07750881DD69} - (no file)

O9 - Extra 'Tools' menuitem: AllMusicBox - {83DF922D-4B34-4997-8CD6-07750881DD69} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/

O15 - Trusted Zone: www.laredoute.fr

O15 - Trusted Zone: http://mannequin.redoute.fr

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe

O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe

O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

 

--

End of file - 10014 bytes

 

 

J'ai également fait un scan avec ZHPDiag. Si vous voulez le résultat, je l'ai sauvegardé.

 

Note : j'ai passé Ccleaner entre la mise en quarantaine et le scan. J'aurai peut-être pas du ?

 

Note2 : il y a plusieurs sessions sur mon PC (5 dont 2 en mode administrateur).

 

 

Merci pour l'aide que l'un ou l'une d'entre vous pourra m'apporter.

Mark Godlike Member

Mark

Posté(e)
Posté(e)

Bonjour cbr1975 ; je te souhaite la bienvenue sur le forum :P

 

Je regarde ça et soupçonne une infection pas très gentille... On va investiguer tout de suite :

===========

 

Télécharge GMER Rootkit Scanner du lien suivant :

 

http://www.gmer.net/#files

 

- Clique sur le bouton "Download EXE"

- Sauvegarde-le sur ton Bureau.

- Colle et sauvegarde ces instructions dans un fichier texte ou imprime-les, car tu devras fermer le navigateur.

- Ferme les fenêtres de navigateur ouvertes.

- Lance le fichier téléchargé (le nom comporte 8 chiffres/lettres aléatoires) par double clic ;

- Si l'outil te lance un warning d'activité de rootkit et te demande de faire un scan ; clique "NO"

- Dans la section de droite de la fenêtre de l'outil, décoche les options suivantes :

  • IAT/EAT
  • Drives/Partition other than System drive (typically C:\)
  • **Assure-toi que "Show All" est décoché**

- Clique maintenant sur le bouton "Scan" et patiente (cela peut prendre 10 minutes ou +)

- Lorsque l'analyse sera terminée, clique sur le bouton "Save..." (au bas à droite) ;

- Nomme le fichier"Ark.txt" et sauvegarde-le sur le Bureau ;

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Télécharge l'outil suivant (de noahdfear) sur ton Bureau :

http://noahdfear.net/downloads/HAMeb_check.exe

 

> Lance-le. Un rapport apparaîtra à l'écran ; copie/colle son contenu ici, dans ta réponse, en plus du rapport de GMER (Ark.txt).

 

Merci, et @+

 

Mark

cbr1975 Junior Member

cbr1975

Posté(e)
  • Auteur
Posté(e)

Bonsoir Mark,

 

Merci de ton aide.

 

J'ai fait ce que tu demandais.

 

Résultat fichier Ark.txt :

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-06 17:56:19

Windows 5.1.2600 Service Pack 2

Running: vj8ec5tr.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\pwkyquog.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB2FD4226]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB2D2AC08]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB2FD37CA]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB2FD3E8C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB2D2AAC4]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB2FD36A6]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB2FD67BA]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB2FD6B50]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB2FD31EA]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB2D2B078]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB2D2AFA2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB2D2A69A]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB2FD512C]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB2FD536A]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB2FD63F6]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB2FD3A66]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB2FD4068]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB2D2AB9E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB2D2A5DA]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB2FD3D16]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB2D2A63E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB2FD5552]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB2FD5916]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB2D2ACBE]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB2D2B146]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB2FD5E8A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB2D2AC7E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB2FD613E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB2FD4842]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB2FD65C2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB2D2ADFE]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB2FD3A00]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB2FD3C02]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB2FD3544]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB2FD33EA]

 

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

 

---- Kernel code sections - GMER 1.0.15 ----

 

PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP B2D3497E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1132 5 Bytes JMP B2D334AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF73CA870]

? C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\mbr.sys Le fichier spécifié est introuvable. !

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe[244] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jusched.exe[252] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[360] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\services.exe[628] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\lsass.exe[640] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\ctfmon.exe[700] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[756] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 006E7F00 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[796] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\Ati2evxx.exe[808] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[828] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[892] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[976] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 004EF2F0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[996] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1024] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] shell32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] shell32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] shell32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] shell32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] wininet.dll!InternetConnectA 404BDEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1136] wininet.dll!InternetConnectW 404BF862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1140] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1180] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1188] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[1352] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1476] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1700] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1736] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\Explorer.EXE[1760] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[1764] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[1880] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\SOUNDMAN.EXE[2028] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] shell32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] shell32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] shell32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe[2036] shell32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\PSIService.exe[2080] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2268] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2296] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\svchost.exe[2348] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] shell32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] shell32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] shell32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Christelle\Mes documents\Téléchargements\vj8ec5tr.exe[2988] shell32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\wuauclt.exe[3024] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\System32\alg.exe[3120] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 100255D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ntdll.dll!LdrGetProcedureAddress 7C929328 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!OpenServiceW 77DB5F05 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!OpenServiceA 77DBE2AE 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!CreateProcessAsUserW 77DC6285 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!CreateProcessAsUserA 77DE09B0 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!CreateServiceA 77E070B9 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ADVAPI32.dll!CreateServiceW 77E07251 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] WS2_32.dll!WSASocketW 719F39CB 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] WS2_32.dll!WSASocketA 719F8769 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] SHELL32.dll!ShellExecuteExW 7CA11823 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] SHELL32.dll!ShellExecuteEx 7CA50C15 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] SHELL32.dll!ShellExecuteA 7CA50F40 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] SHELL32.dll!ShellExecuteW 7CAC4FD0 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ole32.dll!CoCreateInstanceEx 774BFA6B 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] ole32.dll!CoGetClassObject 774D5DB2 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3652] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

 

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

 

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

 

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

 

---- EOF - GMER 1.0.15 ----

 

 

Résultat 2ème rapport :

 

C:\Documents and Settings\Christelle\Mes documents\T‚l‚chargements\HAMeb_check.exe

06/05/2010 at 21:06:08,70

 

Compteÿ: actif Non

Appartient aux groupes locaux

 

~~ Checking profile list ~~

 

No HelpAssistant profile in registry

 

~~ Checking for HelpAssistant directories ~~

 

none found

 

~~ Checking mbr ~~

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

 

~~ Checking for termsrv32.dll ~~

 

termsrv32.dll was not found

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

 

~~ Checking firewall ports ~~

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

 

 

~~ EOF ~~

 

 

Désolée, de ne pas t'avoir donné les résultat plus tôt. J'ai eu un problème de mémoire. J'ai du redémarrer mon PC. C'était en oubliant que j'avais paramétré Avast pour qu'il scan au démarrage : plus de 2 h pour redémarrer, génial !

 

A+

 

Mark Godlike Member

Mark

Posté(e)
Posté(e)

Merci pour les raports :P

 

C'est un peu moins grave que ne le pensais au départ.

 

Je te fais faire un autre scan diagnostique, qui devrait se faire beaucoup plus rapidement :

=========

 

Télécharge DDS (par sUBs) du lien suivant et sauvegarde-le sur ton Bureau :

http://download.bleepingcomputer.com/sUBs/dds.scr

  • Désactive la protection résidente de ton antivirus ; tu pourras la réactiver lorsque l'outil aura produit son rapport
  • Double-clique sur dds.scr afin de lancer l'outil
  • Un fichier texte apparaîtra lorsque l'analyse sera terminée, nommé DDS.txt
  • Clique Oui à l'invite suivante (Optional Scan)
  • Sauvegarde ces deux fichiers texte sur ton Bureau
  • Copie/colle seulement le contenu de DDS.txt ; conserve l'autre car je pourrais te le demander plus tard.

 

Pourrais-tu également me dire si tu as utilisé d'autres outils récemment et, si oui, me mettre le(s) rapports ici si tu les as ? Si tu as passé un outil mais ne trouve pas le rapport, ne le relance pas ; tu peux juste me le signaler.

@+

 

Mark

cbr1975 Junior Member

cbr1975

Posté(e)
  • Auteur
Posté(e)

Bonjour Mark,

 

En attendant le rapport DDS, voici celui de ZHPDiag que j'avais fait hiers à la suite de hijackthis :

 

Rapport de ZHPDiag v1.25.1420 par Nicolas Coolman

Run by Christelle at 06/05/2010 17:12:55

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18702

MFIE: Mozilla Firefox (3.6.3)

 

---\\ System Information

Platform : Microsoft Windows XP (5.1.2600) Service Pack 2

Processor: x86 Family 6 Model 10 Stepping 0, AuthenticAMD

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1023 MB (45% free)

System drive C: has 17 GB (15%) free of 112 GB

 

---\\ Logged in mode

Computer Name: ORDINATEUR-ACER

User Name: Christelle

Unselected Option: O1,O45,O61,O65

Logged in as Administrator

 

---\\ DOS/Devices

A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

C:\ Hard drive, Flash drive, Thumb drive (Free 17 Go of 112 Go)

D:\ CD-ROM drive (Not Inserted)

E:\ CD-ROM drive (Not Inserted)

F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK

 

 

---\\ Processus lancés

[MD5.7418DC540608C9BAE4DFF58D2B427F63] - (.Neodio Corp. - Disk Monitor.) -- C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe [466944]

[MD5.25D60F3CD198007541B422CD34E677CE] - (.Microsoft® Corporation - Détection Microsoft® Works Update.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe [50688]

[MD5.053D8D245118BEA6E21E1812871F67BA] - (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184]

[MD5.51F3C4FBEEF66CEBA7ABE43F4F5C1B69] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [81920]

[MD5.3A0647BDED81DBE0BCBB51D70B22C9E0] - (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [149280]

[MD5.8DE8DEFE523C005C5F88852E2493D67D] - (.ALWIL Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2790472]

[MD5.466CE40EAA865752F4930A472563E4E1] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760]

[MD5.DB1DB28467111A24664933AB8908CBCE] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [952768]

[MD5.F8D68359931DAED84FEA3BEE9589C0B4] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2029456]

[MD5.64E41E8FEE655B03E3F19DED21BA5118] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360]

[MD5.90A84534D39468BE799807BED5187252] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.exe [182272]

[MD5.896A1DB9A972AD2339C2E8569EC926D1] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088]

[MD5.4451CC2275B04043EC2BCC757AF97291] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 8.0 (component).) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312]

[MD5.44C47B8B923F83071EB14CCA57CEE361] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\Ati2evxx.exe [303104]

[MD5.2979B03D5382A602623C0535B16AB9C0] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) -- C:\WINDOWS\System32\svchost.exe [14336]

[MD5.57E6D33E74C6D3F198890DB4933644A7] - (.ALWIL Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384]

[MD5.C10D484A89EE0566D6A7B45A1D1F310C] - (.Macrovision - Macrovision RTS Service.) -- C:\WINDOWS\system32\drivers\CDAC11BA.exe [54784]

[MD5.56139566E462C1FB1775E140D4EE6B22] - (.COMODO - COMODO livePCsupport Service.) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [148744]

[MD5.8E0528204CA034CBC3AF65CF1831A4F4] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1769216]

[MD5.9D6BF82FE50D55F20F8E10E0F6653886] - (.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\WINDOWS\system32\services.exe [111104]

[MD5.B541F17CE162242478F02B4B22DBF204] - (.Borland Software Corporation - InterBase Server.) -- C:\Program Files\Borland\InterBase\bin\ibguard.exe [36864]

[MD5.39133291CB607BDD87CFC565A4A1E7A5] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]

[MD5.684CE2A70EE23C38A8C12B60E6E26A6F] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [335872]

[MD5.D07C9575726797B0E9069E1108A1C483] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224]

[MD5.259AF82A0932EEA4F316F92DB94707B6] - (.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\System32\lsass.exe [13312]

[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.Pas de propriétaire - nTitles PSIService.) -- C:\WINDOWS\system32\PSIService.exe [177704]

[MD5.DA81EC57ACD4CDC3D4C51CF3D409AF9F] - (.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe [57856]

[MD5.D2B096CD2F56FAC6EEEED9A77DDF6DC8] - (.Microsoft Corporation - SQL Browser Service EXE.) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544]

[MD5.54902536AAD0E9B99BC65F89C0CAF93F] - (.Microsoft Corporation - SQL Server VSS Writer.) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968]

 

 

---\\ Pages de recherche d'Internet Explorer (R1)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

 

 

---\\ Internet Explorer URLSearchHook (R3)

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18876 (longhorn_ie8_gdr.091218-1700)) -- C:\WINDOWS\system32\ieframe.dll

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} . (.Visicom Media Inc. - VMN Toolbar from http://toolbar.vmn.net.) -- C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: (no name) - {83DF922D-4B34-4997-8CD6-07750881DD69} . (.Pas de propriétaire - Pas de description.) --

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} . (.Visicom Media Inc. - VMN Toolbar from http://toolbar.vmn.net.) -- C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} . (.Comodo Group, Inc. - HopSurf Toolbar.) -- C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll

O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) --

 

 

---\\ Applications démarrées automatiquement par le registre (O4)

O4 - HKLM\..\Run: [Disk Monitor] . (.Neodio Corp. - Disk Monitor.) -- C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] . (.Microsoft® Corporation - Détection Microsoft® Works Update.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [iSUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

O4 - HKLM\..\Run: [iSUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe

O4 - HKLM\..\Run: [avast5] . (.ALWIL Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe

O4 - Global Startup: OpenOffice.org 3.1.lnk . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~4\Office12\EXCEL.exe

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} . (.not file.) - (.not file.)

O9 - Extra button: AllMusicBox - {83DF922D-4B34-4997-8CD6-07750881DD69} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\IEToolbar\favicon.ico

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~4\Office12\REFBARH.ICO

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.)

O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} . (.Comodo Group, Inc. - HopSurf Toolbar.) -- C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

 

 

---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)

O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://GLOBAL.ACER.COM/

 

 

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)

O15 - Trusted Zone: [HKCU\...\Domains\www] *.laredoute.fr

 

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\guard32.dll (.not file.)

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\System32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll

 

 

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) . (.Adobe Systems Incorporated - Adobe Photoshop Elements 8.0 (component).) - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: (Ati HotKey Poller) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus (avast! Antivirus) . (.ALWIL Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: C-DillaCdaC11BA (C-DillaCdaC11BA) . (.Macrovision - Macrovision RTS Service.) - C:\WINDOWS\system32\drivers\CDAC11BA.exe

O23 - Service: COMODO livePCsupport Service (CLPSLS) . (.COMODO - COMODO livePCsupport Service.) - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) . (.Borland Software Corporation - InterBase Server.) - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ProtexisLicensing (ProtexisLicensing) . (.Pas de propriétaire - nTitles PSIService.) - C:\WINDOWS\system32\PSIService.exe

 

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Démarrage du programme de réglages.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Notification de mise à jour critique Windows.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{57ABA29A-0DC9-4A8E-B0B0-D663AC33A41E}.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{CB29D119-0619-410C-A654-1BEC73E7BB94}.job

 

 

---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Personnalisation du navigateur - >{CB58DED6-4AF3-4080-9DF1-DEE72075169F} . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} . (.Adobe Systems, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Adobe\Director\SwDir.dll

O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf

O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp.inf

O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\fxsocm.inf

O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r42.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx

O40 - ASIC: Microsoft FrontPage Express - {E4066320-E4AE-11CF-B1B0-00AA00BBAD66} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\fpxpress.inf

 

 

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: COMODO Internet Security Sandbox Driver (cmdGuard) . (.COMODO - COMODO Internet Security Sandbox Driver.) - C:\Windows\system32\DRIVERS\cmdguard.sys

O41 - Driver: COMODO Internet Security Helper Driver (cmdHlp) . (.COMODO - COMODO Internet Security Helper Driver.) - C:\Windows\system32\DRIVERS\cmdhlp.sys

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: 7-Zip 4.65 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM]

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Photoshop Elements 8.0 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Reader 9.3 - Français - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe SVG Viewer 3.0 - (.Adobe Systems, Inc..) [HKLM]

O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM]

O42 - Logiciel: AlphaChess 3 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Anigames - (.Smoby Pl@yers.) [HKLM]

O42 - Logiciel: Atlantis Quest fr - (.Boonty.) [HKLM]

O42 - Logiciel: Azkend Deluxe - (.Zylom Games.) [HKLM]

O42 - Logiciel: Ballistik fr - (.Boonty.) [HKLM]

O42 - Logiciel: Big Kahuna Reef - (.Oberon Media.) [HKLM]

O42 - Logiciel: Brain Challenge - (.Mindscape.) [HKLM]

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM]

O42 - Logiciel: COMODO Internet Security - (.COMODO Group Inc..) [HKLM]

O42 - Logiciel: COMODO livePCsupport - (.COMODO.) [HKLM]

O42 - Logiciel: Camera RAW Plug-In for EPSON Creativity Suite - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Carom3D - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Chuzzle - (.Oberon Media.) [HKLM]

O42 - Logiciel: Comodo HopSurf - (.Comodo Security Solutions, Inc..) [HKLM]

O42 - Logiciel: Complément Microsoft Word pour Microsoft Works Suite - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: DVD Solution - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Defraggler - (.Piriform.) [HKLM]

O42 - Logiciel: DivX Codec - (.DivX, Inc..) [HKLM]

O42 - Logiciel: EPSON Attach To Email - (.SEIKO EPSON.) [HKLM]

O42 - Logiciel: EPSON Copy Utility 3 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: EPSON Easy Photo Print - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: EPSON File Manager - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: EPSON Logiciel imprimante - (.SEIKO EPSON Corporation.) [HKLM]

O42 - Logiciel: EPSON Scan - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: EPSON Scan Assistant - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: EPSON Stylus Photo RX585_RX610 Manuel - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: EPSON Web-To-Page - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Entraîneur Cérébral 2 - (.Mindscape.) [HKLM]

O42 - Logiciel: Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: FileZilla Client 3.2.8 - (.Pas de propriétaire.) [HKCU]

O42 - Logiciel: GTK+ 2.4.7 runtime environment - (.Tor Lillqvist.) [HKLM]

O42 - Logiciel: Generic USB Card Reader Driver v1.9e3 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Généatique 2010 - (.CDIP.) [HKLM]

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Java 2 Runtime Environment, SE v1.4.2_01 - (.Sun Microsystems, Inc..) [HKLM]

O42 - Logiciel: Java 6 Update 17 - (.Sun Microsystems, Inc..) [HKLM]

O42 - Logiciel: Je joue avec ma voix - (.Génération 5.) [HKLM]

O42 - Logiciel: KeyView for Lotus 97 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: LameACM - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Le Roi Lion Insectovorace - (.Oberon Media.) [HKLM]

O42 - Logiciel: Luxor - Amun Rising - (.Oberon Media.) [HKLM]

O42 - Logiciel: Luxor 2 fr - (.Boonty.) [HKLM]

O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: MSXML 6 Service Pack 2 (KB954459) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Macromedia Flash Player 8 - (.Macromedia.) [HKLM]

O42 - Logiciel: Micro Motus - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366) - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack - fra - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework SDK (French) 1.1 - (.Microsoft.) [HKLM]

O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office 2003 Web Components - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office 2007 Primary Interop Assemblies - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM]

O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Professional 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM]

O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Small Business 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Small Business Connectivity Components - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Picture It! Photo Premium 9 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft SQL Server 2005 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (EBP) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft SQL Server 2005 Tools Express Edition - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft SQL Server Native Client - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft SQL Server VSS Writer - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual J# .NET Redistributable Package 1.1 - (.Microsoft.) [HKLM]

O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 - fra - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Mozilla Firefox (3.6.3) - (.Mozilla.) [HKLM]

O42 - Logiciel: Mozilla Thunderbird (2.0.0.24) - (.Mozilla.) [HKLM]

O42 - Logiciel: Nathalie Brooks Secrets of Treasure House fr - (.Boonty.) [HKLM]

O42 - Logiciel: Nvu 1.0 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: OpenOffice.org 3.1 - (.OpenOffice.org.) [HKLM]

O42 - Logiciel: PC-Linq - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: PDF-XChange 4 - (.Tracker Software Products Ltd.) [HKLM]

O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM]

O42 - Logiciel: Pakoombo Deluxe - (.Zylom Games.) [HKLM]

O42 - Logiciel: PasswordTools - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Patiences et réussites 4 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Point de Croix - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: PowerDVD - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: PowerDirector - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: PowerProducer - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: QBz - (.Oberon Media.) [HKLM]

O42 - Logiciel: Rainbow Mystery fr - (.Boonty.) [HKLM]

O42 - Logiciel: Rainbow Web - (.Oberon Media.) [HKLM]

O42 - Logiciel: S3 S3Display - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: S3 S3Gamma2 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: S3 S3Info2 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: S3 S3Overlay - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: SWiSH Max3 - (.SWiSHzone.com.) [HKLM]

O42 - Logiciel: SafeCast Shared Components - (.Macrovision.) [HKLM]

O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB973593) - (.Microsoft.) [HKLM]

O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB957789) - (.Microsoft.) [HKLM]

O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB969693) - (.Microsoft.) [HKLM]

O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM]

O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM]

O42 - Logiciel: Slingo - (.Oberon Media.) [HKLM]

O42 - Logiciel: Spin and Play - (.Oberon Media.) [HKLM]

O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM]

O42 - Logiciel: Sveerz - (.Oberon Media.) [HKLM]

O42 - Logiciel: Sélecteur d'installation de Microsoft Works 2004 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Tinos Fruit Stand - (.Oberon Media.) [HKLM]

O42 - Logiciel: TriJinx fr - (.Boonty.) [HKLM]

O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM]

O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Update for Microsoft Office InfoPath 2007 (KB976416) - (.Microsoft.) [HKLM]

O42 - Logiciel: Update for Microsoft Office Word 2007 (KB974631) - (.Microsoft.) [HKLM]

O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb976884) - (.Microsoft.) [HKLM]

O42 - Logiciel: Utilitaire d'échange EBP 1.0 - (.EBP.) [HKLM]

O42 - Logiciel: V5385 Digital Camera Driver - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: VLC media player 0.9.9 - (.VideoLAN Team.) [HKLM]

O42 - Logiciel: VMN Toolbar - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Venice Mystery fr - (.Boonty.) [HKLM]

O42 - Logiciel: Version d'évaluation de Microsoft Office Professional 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Version d'évaluation de Microsoft Office Small Business 2007 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Vitalize! - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM]

O42 - Logiciel: Windows XP Service Pack 2 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: World Class Solitaire - (.Oberon Media.) [HKLM]

O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Zodiac - (.Oberon Media.) [HKLM]

O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM]

O42 - Logiciel: king.com (remove only) - (.Midasplayer Ltd (king.com).) [HKLM]

O42 - Logiciel: livebox - (.Pas de propriétaire.) [HKLM]

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\7-Zip]

[HKCU\Software\ALWIL Software]

[HKCU\Software\AVS4YOU]

[HKCU\Software\Addictive Software]

[HKCU\Software\Adobe]

[HKCU\Software\AlphaChess]

[HKCU\Software\Ancestrologie]

[HKCU\Software\AppDataLow]

[HKCU\Software\Apperson and Daughters]

[HKCU\Software\Apperson]

[HKCU\Software\Applications WinDev]

[HKCU\Software\BVRP Software]

[HKCU\Software\Binary Noise]

[HKCU\Software\BitDefender]

[HKCU\Software\BitTorrent]

[HKCU\Software\Borland]

[HKCU\Software\Bsd Concept]

[HKCU\Software\CDIP]

[HKCU\Software\CORPUS]

[HKCU\Software\Clickteam]

[HKCU\Software\Clients]

[HKCU\Software\ComodoGroup]

[HKCU\Software\Comodo]

[HKCU\Software\Corel]

[HKCU\Software\Cronosoft]

[HKCU\Software\CyberLink]

[HKCU\Software\DAVID Gilles]

[HKCU\Software\Dark Skull Software]

[HKCU\Software\Developer Express]

[HKCU\Software\DivXNetworks]

[HKCU\Software\EBP]

[HKCU\Software\ELCIA]

[HKCU\Software\EPSON]

[HKCU\Software\FRANCE TELECOM]

[HKCU\Software\FUJIFILM]

[HKCU\Software\FileZilla]

[HKCU\Software\FreshDevices]

[HKCU\Software\FreshGames]

[HKCU\Software\GameHouse]

[HKCU\Software\GamesBar]

[HKCU\Software\GeneaNet]

[HKCU\Software\Google]

[HKCU\Software\Goto]

[HKCU\Software\Grisoft]

[HKCU\Software\HookNetwork]

[HKCU\Software\IAV]

[HKCU\Software\InstallShield]

[HKCU\Software\Intel]

[HKCU\Software\InterActive Vision]

[HKCU\Software\InterTrust]

[HKCU\Software\JEDI-VCL]

[HKCU\Software\Jasc]

[HKCU\Software\JavaSoft]

[HKCU\Software\Kodak]

[HKCU\Software\LDS Church]

[HKCU\Software\LanConfig]

[HKCU\Software\LitePC]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\Macromedia]

[HKCU\Software\MainConcept (Adobe2)]

[HKCU\Software\Memoweb 4]

[HKCU\Software\Micro Application]

[HKCU\Software\Mindscape]

[HKCU\Software\Monaco Gold Casino]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Namo]

[HKCU\Software\Netscape]

[HKCU\Software\NewTech Infosystems]

[HKCU\Software\Novell]

[HKCU\Software\ODBC]

[HKCU\Software\OXXOgames]

[HKCU\Software\Oberon Media]

[HKCU\Software\OpenOffice.org]

[HKCU\Software\PC SOFT]

[HKCU\Software\PDFCreator]

[HKCU\Software\POWERARC]

[HKCU\Software\Piriform]

[HKCU\Software\Pointsoft]

[HKCU\Software\Policies]

[HKCU\Software\funkitron]

[HKCU\Software\gst]

[HKCU\Software\mozilla.org]

[HKLM\Software\ALWIL Software]

[HKLM\Software\ATI Technologies]

[HKLM\Software\AVS4YOU]

[HKLM\Software\Adobe]

[HKLM\Software\Amigo]

[HKLM\Software\AppDataLow]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Avance]

[HKLM\Software\BackWeb]

[HKLM\Software\BitTorrent]

[HKLM\Software\Boonty]

[HKLM\Software\Borland]

[HKLM\Software\C07ft5Y]

[HKLM\Software\CDDB]

[HKLM\Software\CORPUS]

[HKLM\Software\Canon]

[HKLM\Software\CheckPoint]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\ComodoGroup]

[HKLM\Software\CyberLink]

[HKLM\Software\Debug]

[HKLM\Software\Dekovir]

[HKLM\Software\Disney]

[HKLM\Software\DivXNetworks]

[HKLM\Software\EBP]

[HKLM\Software\ELCIA]

[HKLM\Software\EPSON]

[HKLM\Software\EURATEC]

[HKLM\Software\FRANCE TELECOM]

[HKLM\Software\FUJIFILM]

[HKLM\Software\FileZilla 3]

[HKLM\Software\FileZilla]

[HKLM\Software\FotoNation]

[HKLM\Software\FreshDevices]

[HKLM\Software\FreshGames]

[HKLM\Software\FullCircle]

[HKLM\Software\GST]

[HKLM\Software\GTK]

[HKLM\Software\GTek]

[HKLM\Software\Gemplus]

[HKLM\Software\Google]

[HKLM\Software\Grisoft]

[HKLM\Software\Hulabee]

[HKLM\Software\IGB]

[HKLM\Software\InstallShield]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Kodak]

[HKLM\Software\LDS Church]

[HKLM\Software\LastBit]

[HKLM\Software\Licenses]

[HKLM\Software\LitePC]

[HKLM\Software\Macromedia]

[HKLM\Software\Macrovision]

[HKLM\Software\Micro Application]

[HKLM\Software\MimarSinan]

[HKLM\Software\Mindscape]

[HKLM\Software\Monaco Gold Casino]

[HKLM\Software\Mozilla Thunderbird]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\NEOACT]

[HKLM\Software\Novell]

[HKLM\Software\Nullsoft]

[HKLM\Software\ODBC]

[HKLM\Software\OpenOffice.org]

[HKLM\Software\PDFCreator]

[HKLM\Software\PTECH]

[HKLM\Software\Pervasive Software]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\PopCap]

[HKLM\Software\Program Groups]

[HKLM\Software\Prolific Technology Inc.]

[HKLM\Software\Protexis]

[HKLM\Software\RealNetworks]

[HKLM\Software\Realtek Semiconductor Corp.]

[HKLM\Software\Realtek]

[HKLM\Software\Reflexive Entertainment]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\RichFX]

[HKLM\Software\S3]

[HKLM\Software\SWiSHzone.com]

[HKLM\Software\Safer Networking Limited]

[HKLM\Software\Sage]

[HKLM\Software\Sagem]

[HKLM\Software\Schlumberger]

[HKLM\Software\Secure]

[HKLM\Software\Skunkstudios]

[HKLM\Software\SmartDraw Software Inc.]

[HKLM\Software\Sonic]

[HKLM\Software\Stargaze Interactive]

[HKLM\Software\SugarGames]

[HKLM\Software\Sun Microsystems]

[HKLM\Software\Symantec]

[HKLM\Software\The Learning Company]

[HKLM\Software\Tracker Software]

[HKLM\Software\Verity]

[HKLM\Software\Via4in1Driver]

[HKLM\Software\VideoLAN]

[HKLM\Software\Visicom Media]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\Windows]

[HKLM\Software\Wise Solutions]

[HKLM\Software\Xing Technology Corp.]

[HKLM\Software\Zeb-Utility]

[HKLM\Software\Zone Labs]

[HKLM\Software\generation5]

[HKLM\Software\mozilla.org]

 

 

---\\ Contenu des dossiers Fichiers Communs (O43)

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT

O43 - CFD:Common File Directory ----D- C:\Program Files\JRE

O43 - CFD:Common File Directory ----D- C:\Program Files\msn gaming zone

O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player

O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne

O43 - CFD:Common File Directory ----D- C:\Program Files\WindowsUpdate

O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3

O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer

O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express

O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting

O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker

O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage

O43 - CFD:Common File Directory ----D- C:\Program Files\xerox

O43 - CFD:Common File Directory ----D- C:\Program Files\Uninstall Information

O43 - CFD:Common File Directory ----D- C:\Program Files\ELCIA

O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD:Common File Directory ----D- C:\Program Files\CheckPoint

O43 - CFD:Common File Directory ----D- C:\Program Files\PasswordTools

O43 - CFD:Common File Directory ----D- C:\Program Files\Generic

O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\SWiSH Max3

O43 - CFD:Common File Directory ----D- C:\Program Files\Comodo

O43 - CFD:Common File Directory ----D- C:\Program Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works Suite 2004

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office

O43 - CFD:Common File Directory ----D- C:\Program Files\LameACM

O43 - CFD:Common File Directory ----D- C:\Program Files\Nvu

O43 - CFD:Common File Directory ----D- C:\Program Files\WinAncetre

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Picture It! 9

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server

O43 - CFD:Common File Directory ----D- C:\Program Files\FileZilla FTP Client

O43 - CFD:Common File Directory ----D- C:\Program Files\Zeb-Utility

O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN

O43 - CFD:Common File Directory ----D- C:\Program Files\vmntoolbar

O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag

O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application

O43 - CFD:Common File Directory ----D- C:\Program Files\IEToolbar

O43 - CFD:Common File Directory ----D- C:\Program Files\Génération 5

O43 - CFD:Common File Directory ----D- C:\Program Files\DivX

O43 - CFD:Common File Directory ----D- C:\Program Files\Google

O43 - CFD:Common File Directory ----D- C:\Program Files\ToniArts

O43 - CFD:Common File Directory ----D- C:\Program Files\FileZilla

O43 - CFD:Common File Directory ----D- C:\Program Files\FreeFTP

O43 - CFD:Common File Directory ----D- C:\Program Files\7-Zip

O43 - CFD:Common File Directory ----D- C:\Program Files\i-Media

O43 - CFD:Common File Directory ----D- C:\Program Files\MesFavoris

O43 - CFD:Common File Directory ----D- C:\Program Files\mozilla.org

O43 - CFD:Common File Directory ----D- C:\Program Files\Defraggler

O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Thunderbird

O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Small Business

O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0

O43 - CFD:Common File Directory ----D- C:\Program Files\Geneatique2010

O43 - CFD:Common File Directory ----D- C:\Program Files\Tracker Software

O43 - CFD:Common File Directory ----D- C:\Program Files\Grisoft

O43 - CFD:Common File Directory ----D- C:\Program Files\TLC-Edusoft

O43 - CFD:Common File Directory ----D- C:\Program Files\PC-Linq

O43 - CFD:Common File Directory ----D- C:\Program Files\Wanadoo

O43 - CFD:Common File Directory ----D- C:\Program Files\Borland

O43 - CFD:Common File Directory ----D- C:\Program Files\Cnamoo

O43 - CFD:Common File Directory ----D- C:\Program Files\Cnamoo.net

O43 - CFD:Common File Directory ----D- C:\Program Files\DirectX

O43 - CFD:Common File Directory ----D- C:\Program Files\greenstreet

O43 - CFD:Common File Directory ----D- C:\Program Files\Kodak

O43 - CFD:Common File Directory ----D- C:\Program Files\TeXnicCenter

O43 - CFD:Common File Directory ----D- C:\Program Files\VNP Comp

O43 - CFD:Common File Directory ----D- C:\Program Files\PowerArchiver

O43 - CFD:Common File Directory ----D- C:\Program Files\orange

O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox

O43 - CFD:Common File Directory ----D- C:\Program Files\Real

O43 - CFD:Common File Directory ----D- C:\Program Files\V5385 Digital Camera

O43 - CFD:Common File Directory ----D- C:\Program Files\Verity

O43 - CFD:Common File Directory ----D- C:\Program Files\Livecom

O43 - CFD:Common File Directory ----D- C:\Program Files\BoontyGames

O43 - CFD:Common File Directory ----D- C:\Program Files\BitTorrent

O43 - CFD:Common File Directory ----D- C:\Program Files\Boonty

O43 - CFD:Common File Directory ----D- C:\Program Files\Mes Jeux Téléchargés

O43 - CFD:Common File Directory ----D- C:\Program Files\Readiris Pro 9 Demo

O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software

O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner

O43 - CFD:Common File Directory ----D- C:\Program Files\FDF

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Windows Script

O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Messenger

O43 - CFD:Common File Directory ----D- C:\Program Files\NewSoft

O43 - CFD:Common File Directory ----D- C:\Program Files\PLUS!

O43 - CFD:Common File Directory ----D- C:\Program Files\Publication Web

O43 - CFD:Common File Directory ----D- C:\Program Files\QMgr

O43 - CFD:Common File Directory ----D- C:\Program Files\Soft4Ever

O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy

O43 - CFD:Common File Directory ----D- C:\Program Files\SpywareBlaster

O43 - CFD:Common File Directory ----D- C:\Program Files\SpywareGuard

O43 - CFD:Common File Directory ----D- C:\Program Files\UIU

O43 - CFD:Common File Directory ----D- C:\Program Files\WComptys

O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR

O43 - CFD:Common File Directory ----D- C:\Program Files\XnView

O43 - CFD:Common File Directory ----D- C:\Program Files\Securitoo

O43 - CFD:Common File Directory ----D- C:\Program Files\Smoby Players

O43 - CFD:Common File Directory ----D- C:\Program Files\SAGEM

O43 - CFD:Common File Directory ----D- C:\Program Files\FamilySearch

O43 - CFD:Common File Directory ----D- C:\Program Files\Win Généalogic

O43 - CFD:Common File Directory ----D- C:\Program Files\AlphaChess

O43 - CFD:Common File Directory ----D- C:\Program Files\Neoact

O43 - CFD:Common File Directory ----D- C:\Program Files\Mindscape

O43 - CFD:Common File Directory ----D- C:\Program Files\SoftwarePassport

O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0

O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies

O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild

O43 - CFD:Common File Directory ----D- C:\Program Files\epson

O43 - CFD:Common File Directory ----D- C:\Program Files\EPSON Print CD

O43 - CFD:Common File Directory ----D- C:\Program Files\Zylom Games

O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Motus

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET

O43 - CFD:Common File Directory ----D- C:\Program Files\PDFCreator

O43 - CFD:Common File Directory ----D- C:\Program Files\Macromedia

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\GTK

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Wise Installation Wizard

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\GST

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\memoweb

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Oberon Media

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Macrovision Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\BOONTY Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\PC SOFT

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ACD Systems

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adaptec Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Sage

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Vitalize

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ELCIA

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AVSMedia

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SWiSHzone.com

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe AIR

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Symantec Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Borland Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Scanner

 

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.00000000000000000000000000000000] - 06/05/2010 - 14:04:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1179970]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 06/05/2010 - 12:38:26 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.7B4CAB06554F60432AEA2F6540C3151F] - 06/05/2010 - 11:05:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\cc_20100506_120335.reg [35714]

O44 - LFC:[MD5.CE26D2B47616C3409129AB809F51610A] - 05/05/2010 - 19:53:28 --HA- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\zllictbl.dat [4212]

O44 - LFC:[MD5.C6302403D3C6BF45F99A6F21EEEE5D66] - 05/05/2010 - 18:52:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\entpack.ini [262]

O44 - LFC:[MD5.340402AC4A365595685676A558BA4F6F] - 05/05/2010 - 18:52:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\EntPack.dat [445]

O44 - LFC:[MD5.A1A53F00E858DD6721825674CDE16153] - 05/05/2010 - 14:29:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Cosmos.INI [1828]

O44 - LFC:[MD5.CC50A66548C2F285BC8A7B0B8AA578E3] - 05/05/2010 - 13:34:07 ---A- . (.Toshiba Corp. - Toshiba Libretto floppy controller.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [34688]

O44 - LFC:[MD5.7FD60B174D07FE3AA7B95BBE384FCC97] - 05/05/2010 - 11:11:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MAHJONGG.INI [41]

O44 - LFC:[MD5.ED7F0EA70BF000490EFB68EA872F0004] - 03/05/2010 - 18:02:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [1158]

O44 - LFC:[MD5.F55AA7EEEA047BB3D3A1912E277F3ACA] - 29/04/2010 - 09:44:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [448496]

O44 - LFC:[MD5.212AAC3F83704936D87A51B8733D7D83] - 22/04/2010 - 08:42:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\cc_20100422_094013.reg [195424]

O44 - LFC:[MD5.9501CE82389A3B51720E7B8A4B614216] - 16/04/2010 - 07:51:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CONFIG.NT [3121]

O44 - LFC:[MD5.C3A7AC3D7C71DF622E2828A35ECB84A5] - 14/04/2010 - 17:47:24 ---A- . (.ALWIL Software - avast! Screen Saver stub.) -- C:\WINDOWS\System32\avastSS.scr [38848]

O44 - LFC:[MD5.96D4272206C09E87DD043E6339BAFA21] - 14/04/2010 - 17:47:04 ---A- . (.ALWIL Software - avast! start-up scanner.) -- C:\WINDOWS\System32\aswBoot.exe [153184]

O44 - LFC:[MD5.9E82102B7249EF33A1CC132F26AFEAC4] - 14/04/2010 - 17:35:48 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\WINDOWS\System32\drivers\aswTdi.sys [46672]

O44 - LFC:[MD5.7DF85E2E544B505EE74D734A394E39C7] - 14/04/2010 - 17:35:26 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [162768]

O44 - LFC:[MD5.9A2F01E6BCECE7A1A1F39846E392CD41] - 14/04/2010 - 17:31:40 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\WINDOWS\System32\drivers\aswRdr.sys [23376]

O44 - LFC:[MD5.71A24FC1564C39CF834ACEC3396577E6] - 14/04/2010 - 17:31:12 ---A- . (.ALWIL Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon2.sys [100432]

O44 - LFC:[MD5.098E3A9FFAE8CA693FAE7229F6E659B7] - 14/04/2010 - 17:31:10 ---A- . (.ALWIL Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\System32\drivers\aswmon.sys [94800]

O44 - LFC:[MD5.7F7135C14ED4FB190AA75CB1FD1F14E8] - 14/04/2010 - 17:31:02 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [19024]

O44 - LFC:[MD5.94321612E022BAED249BF6BC2B9DDF9E] - 14/04/2010 - 17:30:46 ---A- . (.ALWIL Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\System32\drivers\aavmker4.sys [28880]

O44 - LFC:[MD5.93981ACF218F06B4D98C995906F51852] - 09/04/2010 - 00:26:12 ---A- . (.COMODO - COMODO Internet Security.) -- C:\WINDOWS\System32\guard32.dll [277240]

O44 - LFC:[MD5.508837E828309BD8444AE5C7550C2C17] - 09/04/2010 - 00:25:48 ---A- . (.COMODO - COMODO Internet Security Firewall Driver.) -- C:\WINDOWS\System32\drivers\inspect.sys [86800]

O44 - LFC:[MD5.45A1F7D2890681F22406458D93D03CC1] - 09/04/2010 - 00:25:46 ---A- . (.COMODO - COMODO Internet Security Helper Driver.) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [25240]

O44 - LFC:[MD5.EE8D7168CBBE3AF052EA93015F51ABE9] - 09/04/2010 - 00:25:46 ---A- . (.COMODO - COMODO Internet Security Sandbox Driver.) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [225344]

O44 - LFC:[MD5.AE1C31D030A21F0AFABE2DF269D1181F] - 09/04/2010 - 00:25:44 ---A- . (.COMODO - COMODO Internet Security Eradication Driver.) -- C:\WINDOWS\System32\drivers\cmderd.sys [15464]

 

 

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

 

 

---\\ Export de clé d'application autorisée (ECAA) (O47)

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [Enabled] .(.Pas de propriétaire - .) (.not file.) -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O47 - AAKE:Key Export SP - "C:\Program Files\BitTorrent\bittorrent.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\BitTorrent\bittorrent.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Winamp Remote\bin\Orb.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Winamp Remote\bin\Orb.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Winamp Remote\bin\OrbTray.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe

O47 - AAKE:Key Export SP - "C:\Program Files\GeneWeb-4.09\gw\gwd.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\GeneWeb-4.09\gw\gwd.exe

O47 - AAKE:Key Export SP - "C:\Program Files\GeneWeb-4.09\gw\gwsetup.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\GeneWeb-4.09\gw\gwsetup.exe

O47 - AAKE:Key Export SP - "C:\Program Files\BoontyGames\Jeopardy\JEOPARDY!.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\BoontyGames\Jeopardy\JEOPARDY!.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\System32\fxsclnt.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\WINDOWS\System32\fxsclnt.exe

O47 - AAKE:Key Export SP - "c:\Program Files\Microsoft Expression\Media 2\Media.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Microsoft Expression\Media 2\Media.exe

O47 - AAKE:Key Export SP - "C:\PVSW\Bin\w3dbsmgr.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\PVSW\Bin\w3dbsmgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\FreeFTP\FreeFTP.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\FreeFTP\FreeFTP.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) (.not file.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Geneamania\mysql\bin\mysqld.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Geneamania\mysql\bin\mysqld.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Geneamania\apache\bin\httpd.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Geneamania\apache\bin\httpd.exe

O47 - AAKE:Key Export SP - "C:\Program Files\GeneWeb Bases\gw-5.00\gw\gwsetup.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\GeneWeb Bases\gw-5.00\gw\gwsetup.exe

O47 - AAKE:Key Export SP - "C:\Program Files\GeneWeb Bases\gw-5.00\gw\gwd.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\GeneWeb Bases\gw-5.00\gw\gwd.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export DP - "C:\PVSW\Bin\w3dbsmgr.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\PVSW\Bin\w3dbsmgr.exe

 

 

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

 

 

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.l3acm"="L3CODECA.ACM" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\L3CODECA.ACM

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.iac2"="iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\System32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"VIDC.VDOM"="vdowave.drv" . (.VDOnet LTD.. - vdowave.) -- C:\WINDOWS\System32\vdowave.drv

O52 - TDSD: \Drivers32\"msacm.scg726"="scg726.acm" . (.SHARP Corporation - SHARP G.726 ACM Audio Decoder.) -- C:\WINDOWS\System32\scg726.acm

O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll

O52 - TDSD: \Drivers32\"vidc.yv12"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll

O52 - TDSD: \Drivers32\"msacm.lameacm"="LameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\LameACM.acm

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\System32\iac25_32.ax

O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"L3CODECA.ACM"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\L3CODECA.ACM

O52 - TDSD: \drivers.desc\"vdowave.drv"="VDOnet VDOWave Video Codec" . (.VDOnet LTD.. - vdowave.) -- C:\WINDOWS\System32\vdowave.drv

O52 - TDSD: \drivers.desc\"scg726.acm"="Sharp G.726 Audio Decoder" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.8.0 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"LameACM.acm"="LameACM" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\LameACM.acm

 

 

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

 

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

 

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=

O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoSMConfigurePrograms"=1

O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1

O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoSMConfigurePrograms"=1

 

 

---\\ Liste des Drivers Système (SDL) (O58)

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 19:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys

O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 19:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 28/08/2001 - 19:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 28/08/2001 - 19:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 28/08/2001 - 19:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 28/08/2001 - 19:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 28/08/2001 - 19:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 19:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys

O58 - SDL:[MD5.098E3A9FFAE8CA693FAE7229F6E659B7] - 14/04/2010 - 17:31:10 ---A- . (.ALWIL Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys

O58 - SDL:[MD5.293BCAF4EF7AFCC4B00D28F75C420356] - 05/09/2003 - 05:58:24 ---A- . (.THOMSON - WAN Driver.) -- C:\WINDOWS\system32\drivers\alcan5wn.sys

O58 - SDL:[MD5.08F60F40D1A2A95A1F12EDDBD9F25C1C] - 03/11/2006 - 20:49:46 ---A- . (.Macrovision Europe Ltd - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS

O58 - SDL:[MD5.71A24FC1564C39CF834ACEC3396577E6] - 14/04/2010 - 17:31:12 ---A- . (.ALWIL Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys

O58 - SDL:[MD5.8A5E67FC653CA3EB46C60C3C8F26EF04] - 21/06/2000 - 18:09:56 ---A- . (.Hewlett-Packard Company - USB Driver.) -- C:\WINDOWS\system32\drivers\HPZUSB00.SYS

O58 - SDL:[MD5.509B6D9811DD10F1998B8B8A8ACC1BD4] - 01/08/2004 - 07:09:24 ---A- . (.OrangeWare Corporation - USB 2.0 Hub Driver.) -- C:\WINDOWS\system32\drivers\ousb2hub.sys

O58 - SDL:[MD5.C5286BD64FC2E4550820E92290D2BC90] - 01/08/2004 - 07:09:24 ---A- . (.OrangeWare Corporation - USB 2.0 Enhanced Host Controller Driver.) -- C:\WINDOWS\system32\drivers\ousbehci.sys

O58 - SDL:[MD5.153D02480A0A2F45785522E814C634B6] - 16/06/2008 - 02:00:00 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys

O58 - SDL:[MD5.7DF85E2E544B505EE74D734A394E39C7] - 14/04/2010 - 17:35:26 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys

O58 - SDL:[MD5.8B0B3474A8DA1AB41050637CF34C0959] - 04/08/2003 - 19:14:34 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys

O58 - SDL:[MD5.59A5283CCC889FB41CB72BFC58E82B7D] - 20/07/2003 - 09:26:30 ---A- . (.ATI Technologies Inc. - ATI Radeon Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys

O58 - SDL:[MD5.7F7135C14ED4FB190AA75CB1FD1F14E8] - 14/04/2010 - 17:31:02 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys

O58 - SDL:[MD5.94321612E022BAED249BF6BC2B9DDF9E] - 14/04/2010 - 17:30:46 ---A- . (.ALWIL Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys

O58 - SDL:[MD5.0D856D16C08440BFB566D6CDD9948D4E] - 12/03/2008 - 02:00:00 ---A- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdralw2k.sys

O58 - SDL:[MD5.9714B7C918C6543D69074EC101F86AC4] - 12/03/2008 - 02:00:00 ---A- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys

O58 - SDL:[MD5.9E82102B7249EF33A1CC132F26AFEAC4] - 14/04/2010 - 17:35:48 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys

O58 - SDL:[MD5.9A2F01E6BCECE7A1A1F39846E392CD41] - 14/04/2010 - 17:31:40 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys

O58 - SDL:[MD5.4B039BBD037B01F5DB5A144C837F283A] - 02/07/2003 - 03:42:00 ---A- . (.VIA Technologies, Inc. - VIA NT AGP Filter.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS

O58 - SDL:[MD5.1475A9533649935A048EA5E27F8C3B37] - 07/05/2006 - 06:30:00 ---A- . (.SafeNet, Inc. - Sentinel USB Security Device Driver.) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS

O58 - SDL:[MD5.BDB16789E789F087B43B5F75032D4FDC] - 05/09/2003 - 05:58:22 ---A- . (.THOMSON - WDM Driver.) -- C:\WINDOWS\system32\drivers\alcaudsl.sys

O58 - SDL:[MD5.AE1C31D030A21F0AFABE2DF269D1181F] - 09/04/2010 - 00:25:44 ---A- . (.COMODO - COMODO Internet Security Eradication Driver.) -- C:\WINDOWS\system32\drivers\cmderd.sys

O58 - SDL:[MD5.CD86A348FC4016842DBD5AC7398FB48D] - 23/09/2003 - 08:09:00 ---A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS

O58 - SDL:[MD5.A9355A51698F6901B362EF738B15631D] - 23/09/2003 - 08:03:00 ---A- . (.Sensaura Ltd - Sensaura WDM 3D Audio Driver.) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS

O58 - SDL:[MD5.CC50A66548C2F285BC8A7B0B8AA578E3] - 03/08/2004 - 21:59:34 ---A- . (.Toshiba Corp. - Toshiba Libretto floppy controller.) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys

O58 - SDL:[MD5.E8C619C6C6BDE90D130DDA87150E1944] - 02/10/2003 - 19:04:00 ---A- . (.Copyright © VIA/S3 Graphics, Inc. - VIA/S3G Miniport Driver.) -- C:\WINDOWS\system32\drivers\vtmini.sys

O58 - SDL:[MD5.2F4B3C0E58D4A7BD8E38D1CD9CA47691] - 08/01/2001 - 08:53:24 ---A- . (.Pas de propriétaire - PC-Linq Bridge Cable.) -- C:\WINDOWS\system32\drivers\usbbc.sys

O58 - SDL:[MD5.EE8D7168CBBE3AF052EA93015F51ABE9] - 09/04/2010 - 00:25:46 ---A- . (.COMODO - COMODO Internet Security Sandbox Driver.) -- C:\WINDOWS\system32\drivers\cmdGuard.sys

O58 - SDL:[MD5.45A1F7D2890681F22406458D93D03CC1] - 09/04/2010 - 00:25:46 ---A- . (.COMODO - COMODO Internet Security Helper Driver.) -- C:\WINDOWS\system32\drivers\cmdhlp.sys

O58 - SDL:[MD5.508837E828309BD8444AE5C7550C2C17] - 09/04/2010 - 00:25:48 ---A- . (.COMODO - COMODO Internet Security Firewall Driver.) -- C:\WINDOWS\system32\drivers\inspect.sys

O58 - SDL:[MD5.15A72D5B8F0B6A718207F14BD5EBB8FF] - 24/02/2004 - 13:37:14 ---A- . (.NewTech Infosystems, Inc. - NTI CD-ROM Filter Driver.) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys

O58 - SDL:[MD5.C68E5DFBDAFE5C9FA1F7B3670D1F35BF] - 05/09/2003 - 05:58:12 ---A- . (.THOMSON - Helper.) -- C:\WINDOWS\system32\drivers\alcacr.sys

O58 - SDL:[MD5.908F76685A9667007028CD998B7912AE] - 05/09/2003 - 05:58:18 ---A- . (.THOMSON - Helper.) -- C:\WINDOWS\system32\drivers\alcawh.sys

O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys

O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys

O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 19:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys

O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys

O58 - SDL:[MD5.CEEF86CB35ABE95C40A88784F5B631AD] - 04/08/2003 - 13:22:44 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\pcandis5.sys

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 28/08/2002 - 20:23:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys

O58 - SDL:[MD5.EC342DC503DECDD7127804EF6176FE1C] - 22/06/2009 - 18:36:28 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\KGyGaAvL.sys

O58 - SDL:[MD5.5DF90CE2D6B193B0626B970C82216D21] - 19/01/2005 - 13:25:44 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\F528341998.sys

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys

O58 - SDL:[MD5.A4C5B42B8BBE51140EB08E08CCCB8795] - 22/06/2009 - 18:30:58 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\98193428F5.sys

 

 

---\\ Recherche heuristique Magic.control (HSMI) (O59)

O59 - HSMI:Heuristic Search MagicControl Infection - C:\WINDOWS\system32\pwwhjeod_nav.dat

O59 - HSMI:Heuristic Search MagicControl Infection - C:\WINDOWS\system32\pwwhjeod_navps.dat

O59 - HSMI:Heuristic Search MagicControl Infection - C:\WINDOWS\system32\pwwhjeod_navtmp.dat

O59 - HSMI:Heuristic Search MagicControl Infection - C:\windows\pack.epk

 

 

---\\ Liste des outils de nettoyage (LATC) (O63)

O63 - Logiciel: ZHPDiag 1.25 - (.Nicolas Coolman.)

 

 

---\\ Liste des services Legacy (LALS) (O64)

O64 - Services: CurCS - (.not file.) - avast! Asynchronous Virus Monitor (Aavmker4) .(.Pas de propriétaire - Pas de description.) - LEGACY_AAVMKER4

O64 - Services: CurCS - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe - Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) .(.Adobe Systems Incorporated - Adobe Photoshop Elements 8.0 (component).) - LEGACY_ADOBEACTIVEFILEMONITOR8.0

O64 - Services: CurCS - (.not file.) - aswFsBlk (aswFsBlk) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWFSBLK

O64 - Services: CurCS - (.not file.) - avast! Standard Shield Support (aswMon2) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWMON2

O64 - Services: CurCS - (.not file.) - aswRdr (aswRdr) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWRDR

O64 - Services: CurCS - (.not file.) - avast! Self Protection (aswSP) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWSP

O64 - Services: CurCS - (.not file.) - avast! Network Shield Support (aswTdi) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWTDI

O64 - Services: CurCS - C:\WINDOWS\System32\Ati2evxx.exe - Ati HotKey Poller (Ati HotKey Poller) .(.Pas de propriétaire - Pas de description.) - LEGACY_ATI_HOTKEY_POLLER

O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Antivirus (avast! Antivirus) .(.ALWIL Software - avast! Service.) - LEGACY_AVAST!_ANTIVIRUS

O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Mail Scanner (avast! Mail Scanner) .(.ALWIL Software - avast! Service.) - LEGACY_AVAST!_MAIL_SCANNER

O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Web Scanner (avast! Web Scanner) .(.ALWIL Software - avast! Service.) - LEGACY_AVAST!_WEB_SCANNER

O64 - Services: CurCS - (.not file.) - AVG7 Wrap Driver (Avg7RsW) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVG7RSW

O64 - Services: CurCS - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe - Boonty Games (Boonty Games) .(.BOONTY - System Level Service Utility.) - LEGACY_BOONTY_GAMES

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\CDAC11BA.exe - C-DillaCdaC11BA (C-DillaCdaC11BA) .(.Macrovision - Macrovision RTS Service.) - LEGACY_C-DILLACDAC11BA

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\CdaC15BA.sys - CdaC15BA (CdaC15BA) .(.Macrovision Europe Ltd - Macrovision SECURITY Driver.) - LEGACY_CDAC15BA

O64 - Services: CurCS - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe - COMODO livePCsupport Service (CLPSLS) .(.COMODO - COMODO livePCsupport Service.) - LEGACY_CLPSLS

O64 - Services: CurCS - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe - COMODO Internet Security Helper Service (cmdAgent) .(.Pas de propriétaire - Pas de description.) - LEGACY_CMDAGENT

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\cmdguard.sys - COMODO Internet Security Sandbox Driver (cmdGuard) .(.COMODO - COMODO Internet Security Sandbox Driver.) - LEGACY_CMDGUARD

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\cmdhlp.sys - COMODO Internet Security Helper Driver (cmdHlp) .(.COMODO - COMODO Internet Security Helper Driver.) - LEGACY_CMDHLP

O64 - Services: CurCS - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH

O64 - Services: CurCS - (.not file.) - Symantec Eraser Control driver (eeCtrl) .(.Pas de propriétaire - Pas de description.) - LEGACY_EECTRL

O64 - Services: CurCS - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - FLEXnet Licensing Service (FLEXnet Licensing Service) .(.Acresso Software Inc. - Activation Licensing Service.) - LEGACY_FLEXNET_LICENSING_SERVICE

O64 - Services: CurCS - (.not file.) - Fsks (Fsks) .(.Pas de propriétaire - Pas de description.) - LEGACY_FSKS

O64 - Services: CurCS - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe - InstallDriver Table Manager (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\inspect.sys - COMODO Internet Security Firewall Driver (Inspect) .(.COMODO - COMODO Internet Security Firewall Driver.) - LEGACY_INSPECT

O64 - Services: CurCS - (.not file.) - ZoneAlarm Toolbar ISWKL (ISWKL) .(.Pas de propriétaire - Pas de description.) - LEGACY_ISWKL

O64 - Services: CurCS - (.not file.) - ZoneAlarm Toolbar IswSvc (IswSvc) .(.Pas de propriétaire - Pas de description.) - LEGACY_ISWSVC

O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE

O64 - Services: CurCS - (.not file.) - kl1 (kl1) .(.Pas de propriétaire - Pas de description.) - LEGACY_KL1

O64 - Services: CurCS - (.not file.) - Kaspersky Lab Driver (KLIF) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLIF

O64 - Services: CurCS - (.not file.) - MASPINT (MASPINT) .(.Pas de propriétaire - Pas de description.) - LEGACY_MASPINT

O64 - Services: CurCS - (.not file.) - mountmgr (mountmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR

O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP

O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS

O64 - Services: CurCS - (.not file.) - PartMgr (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR

O64 - Services: CurCS - (.not file.) - PCANDIS5 NDIS Protocol Driver (PCANDIS5) .(.Pas de propriétaire - Pas de description.) - LEGACY_PCANDIS5

O64 - Services: CurCS - C:\WINDOWS\system32\PSIService.exe - ProtexisLicensing (ProtexisLicensing) .(.Pas de propriétaire - nTitles PSIService.) - LEGACY_PROTEXISLICENSING

O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP

O64 - Services: CurCS - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS

O64 - Services: CurCS - (.not file.) - Teefer for NT (Teefer) .(.Pas de propriétaire - Pas de description.) - LEGACY_TEEFER

O64 - Services: CurCS - (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE

O64 - Services: CurCS - (.not file.) - Tones (Tones) .(.Pas de propriétaire - Pas de description.) - LEGACY_TONES

O64 - Services: CurCS - (.not file.) - Gestionnaire de téléchargement (uploadmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_UPLOADMGR

O64 - Services: CurCS - (.not file.) - V124 (V124) .(.Pas de propriétaire - Pas de description.) - LEGACY_V124

O64 - Services: CurCS - (.not file.) - vsdatant (vsdatant) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSDATANT

O64 - Services: CurCS - (.not file.) - TrueVector Internet Monitor (vsmon) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSMON

O64 - Services: CurCS - (.not file.) - wpsdrvnt (wpsdrvnt) .(.Pas de propriétaire - Pas de description.) - LEGACY_WPSDRVNT

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

 

 

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <Mozilla.exe> <>[HKLM\..\Shell\open\Command] (.Pas de propriétaire - Pas de description.) -- (.Not Key.) (.not file.)

O68 - StartMenuInternet: <WOOBrowser.exe> <>[HKLM\..\Shell\open\Command] (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe (.not file.)

 

 

---\\ Search Browser Infection (SBI) (O69)

 

 

---\\ Recherche d'infection Master Boot Record (O80)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

Run by Christelle at 06/05/2010 17:14:00

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

 

 

---\\ Infection BT - BHO/Toolbar (Possible)

O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} . (.not file.) - (.not file.)

[HKCU\Software\GamesBar]

 

 

 

End of the scan (1012 lines in 01mn 04s)

 

 

 

Ce que j'ai fait d'autre : un peu de place en supprimant quelques dossiers et en passant Ccleaner (avec l'option 35 passages) et installer Comodo en désactivant le firewall windows. Avant ça j'avais fait un scan en ligne avec Bitdefender et un autre avec mon propre antivirus Avast (résultat négatif dans les 2 cas).

 

 

 

 

Les scans que tu a demandé hier ont été rapides. C'est le redémarrage de mon ordi qui a été long. J'avais eu "la bonne idée" de mettre l'option scan des fichiers à leur ouverture dans mon antivirus.

 

A+

cbr1975 Junior Member

cbr1975

Posté(e)
  • Auteur
Posté(e)

J'ai oublier de désactiver mon anti-virus avant de lancer le sacn. Je l'ai laissé finir, dois-je recommencer ?

 

 

Sinon, voici le rapport DDS :

 

 

DDS (Ver_10-03-17.01) - FAT32x86

Run by Christelle at 9:43:06,43 on 07/05/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1023.354 [GMT 2:00]

 

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

 

============== Running Processes ===============

 

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

SVCHOST.EXE

SVCHOST.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

SVCHOST.EXE

C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Christelle\Mes documents\Téléchargements\dds.scr

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.fr/

uInternet Connection Wizard,ShellNext = hxxp://www.lavasoftnews.com/ms/display_main.php?tac=Alexa

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: {83DF922D-4B34-4997-8CD6-07750881DD69} - No File

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL

TB: HopSurf toolbar: {e9fab13d-4600-49e1-90d1-ee961c859d39} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll

TB: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [EPSON Stylus Photo RX585 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticle.exe /fu "c:\windows\temp\E_S15C.tmp" /EF "HKCU"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Disk Monitor] c:\program files\generic\usb card reader driver v1.9e3\Disk_Monitor.exe

mRun: [Microsoft Works Update Detection] c:\program files\fichiers communs\microsoft shared\works shared\WkUFind.exe

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [VTTimer] VTTimer.exe

mRun: [iSUSPM Startup] c:\progra~1\fichie~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\christ~1\menudé~1\progra~1\démarr~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}

IE: {83DF922D-4B34-4997-8CD6-07750881DD69} - {83DF922D-4B34-4997-8CD6-07750881DD69}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll

Trusted Zone: laredoute.fr\www

Trusted Zone: redoute.fr\mannequin

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204

DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} - hxxp://mannequin.redoute.fr/activex/Mannequin.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {E4066320-E4AE-11CF-B1B0-00AA00BBAD66} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove

Hosts: 127.0.0.1 www.spywareinfo.com

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\4cho2zh0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/|http://entreprise-fournier.fr/

FF - component: c:\documents and settings\christelle\application data\mozilla\firefox\profiles\4cho2zh0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\christelle\application data\mozilla\firefox\profiles\4cho2zh0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npcnc32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-1-12 164048]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 225344]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 25240]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-12 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384]

R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-4-9 1769216]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384]

S2 IBG_gds_db;InterBase 7.5 Guardian gds_db;c:\program files\borland\interbase\bin\ibguard.exe -i "c:\program files\borland\interbase" -p gds_db --> c:\program files\borland\interbase\bin\ibguard.exe -i c:\program files\borland\InterBase [?]

S2 MSSQL$EBP;SQL Server (EBP);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]

S3 Boonty Games;Boonty Games;c:\program files\fichiers communs\boonty shared\service\Boonty.exe [2006-11-3 69120]

S3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\c4c_bsc2.sys --> c:\windows\system32\drivers\C4C_BSC2.sys [?]

S3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\borland\interbase\bin\ibserver.exe -i "c:\program files\borland\interbase" -p gds_db --> c:\program files\borland\interbase\bin\ibserver.exe -i c:\program files\borland\InterBase [?]

 

============== File Associations ===============

 

.txt=

 

=============== Created Last 30 ================

 

2010-05-06 15:12:41 0 d-----w- c:\program files\ZHPDiag

2010-05-06 11:38:59 0 d--h--w- C:\VritualRoot

2010-05-06 11:38:29 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO

2010-05-06 11:20:08 0 d-----w- c:\program files\Comodo

2010-05-06 11:20:08 0 d-----w- c:\docume~1\christ~1\applic~1\Comodo

2010-05-06 10:13:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader

2010-05-06 10:03:39 35714 ----a-w- C:\cc_20100506_120335.reg

2010-05-06 07:13:36 0 d-----w- c:\windows\Internet Logs

2010-05-06 06:52:28 0 d-sh--w- C:\FOUND.000

2010-05-05 18:26:26 0 d-----w- c:\docume~1\christ~1\applic~1\CheckPoint

2010-05-05 18:25:43 0 d-----w- c:\program files\CheckPoint

2010-05-05 15:10:35 0 d-----w- c:\docume~1\christ~1\applic~1\QuickScan

2010-05-05 13:12:57 0 d-----w- c:\program files\fichiers communs\Scanner

2010-05-05 12:34:07 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-05-05 12:34:05 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-05-05 12:34:03 8192 ----a-w- c:\windows\system32\drivers\Changer.sys

2010-05-05 12:30:37 16 ----a-w- c:\docume~1\christ~1\applic~1\qvjsge.dat

2010-04-22 07:40:15 195424 ----a-w- C:\cc_20100422_094013.reg

2010-04-13 14:19:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-04-08 23:26:12 277240 ----a-w- c:\windows\system32\guard32.dll

2010-04-08 23:25:46 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-04-08 23:25:46 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2010-04-08 23:25:44 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys

 

==================== Find3M ====================

 

2010-05-06 16:14:10 37992 ----a-w- c:\docume~1\christ~1\applic~1\wklnhst.dat

2010-05-05 18:53:28 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-03-02 09:04:04 565908 ----a-w- c:\windows\system32\perfh00C.dat

2010-03-02 09:04:04 563042 ----a-w- c:\windows\system32\perfh040.dat

2010-03-02 09:04:04 108368 ----a-w- c:\windows\system32\perfc00C.dat

2010-03-02 09:04:04 106672 ----a-w- c:\windows\system32\perfc040.dat

2010-02-12 09:03:04 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-12 04:36:04 100864 ----a-w- c:\windows\system32\dllcache\6to4svc.dll

2010-02-12 04:36:04 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 11:08:26 226880 ----a-w- c:\windows\system32\dllcache\tcpip6.sys

2008-10-07 07:53:20 774144 ----a-w- c:\program files\RngInterstitial.dll

2007-11-20 11:01:46 364521 ----a-w- c:\windows\inf\DRVDATA.BIN

2007-11-20 11:01:46 1233547 ----a-w- c:\windows\inf\DRVIDX.BIN

2004-08-09 21:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

1998-09-29 11:56:48 10000 ----a-w- c:\windows\inf\unregpn.exe

2009-06-22 17:36:28 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys

2005-01-19 12:25:44 56 --sh--r- c:\windows\system32\F528341998.sys

2009-06-22 17:30:58 88 --sh--r- c:\windows\system32\98193428F5.sys

 

============= FINISH: 9:44:36,37 ===============

Mark Godlike Member

Mark

Posté(e)
Posté(e)

Merci pour les rapports :P

 

On dirait bien qu'Avast ait réussi à bloquer l'infection. As-tu des symptômes ou signes qui t'indiquerait le contraire ? Des alertes douteuses de Comodo ou d'Avast! ?

 

Je te propose tout de même un scan rapide avec MalwareBytes' Anti-Malware :

==========

 

Télécharge Malwarebytes' Anti-Malware du lien suivant :

 

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

  • Installe-le puis lance-le
  • De l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche" ;
  • Sélectionne "Exécuter un examen rapide"
  • Clique sur "Rechercher"
  • L'analyse sera lancée ;
  • Lorsque complétée, un message s'affichera indiquant la fin de l'analyse. Clique sur "OK" pour poursuivre.
  • Ferme tes navigateurs
  • Si des malwares ont été détectés, leur liste s'affichera.
    En cliquant sur Suppression (ou équivalent) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta réponse.

 

@++

 

Mark

cbr1975 Junior Member

cbr1975

Posté(e)
  • Auteur
Posté(e)

Avast a du bloqué l'infection puisque les fichiers infectés son en quarantaine.

 

Mes problèmes : uniquement au démarrage, "disparaissent" après plusieurs reboot

 

- la barre des taches n'est pas disponible soit parce qu'elle n'est pas affichée soit parce qu'il y a le sablier (les applis du bureau sont accessibles)

 

- les applis du bureau se bloquent (notamment la messagerie et le navigateur), n'apparaissent pas dans la barre des taches quand celle-ci n'est pas disponible.

 

Je reboot plusieurs fois et quand j'en ai marre, je démarrare ma session et vais faire autre chose. Quand je reviens, il n'y a plus de problème.

Mark Godlike Member

Mark

Posté(e)
Posté(e)

Rebonsoir :P

 

Mouin, pas normal tout ça, en effet. As-tu fais l'analyse avec MalwareBytes' Anti-Malware ?

 

Je me demande si Comodo ne serait pas responsable pour ces problèmes...

 

Si MalwareBytes ne trouve rien, désinstalle le pare-feu Comodo et regarde si ça aide.

 

@++

 

Mark

cbr1975 Junior Member

cbr1975

Posté(e)
  • Auteur
Posté(e)

J'ai fais l'analyse avec MalwareBytes' Anti-Malware. Après la suppression des problèmes, il m'a demander de redémarrer mon PC pour terminer le travail.

 

Je ne crois pas que Comodo soit en cause. Je l'ai installé hier ... quoi que ... je ne me rappelle pas si j'avais les problèmes au démarrage (20 mm d'attente avant de pouvoir utilisé le PC) avant son installation.

 

 

Sinon, voici le rapport de MBAM :

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4075

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

07/05/2010 18:24:47

mbam-log-2010-05-07 (18-24-47).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 161210

Temps écoulé: 11 minute(s), 44 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 5

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 5

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\pwwhjeod_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pwwhjeod_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system\INTERNAT.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system\DLLHOST.EXE (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

C:\WINDOWS\system\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

A+

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...