GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-25 22:40:06 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-16 ST3250410AS rev.3.AAA Running: j87ywsrv.exe; Driver: C:\DOCUME~1\UYTKOW~1\USTAWI~1\Temp\kwxiqfoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB3E45DF8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB41F9824] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB3ED2A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB3E4685E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB3E72D5D] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB41F8DD0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB3E4B2E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB3E4B330] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB41F948A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB3E4B422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB3E72711] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB3E4B252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB3E4B374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB3E4B29A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB41FBFA4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB41F87BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB3E4B3DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB3E45E44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB3E73423] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB3E736D9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB3E489A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB3E7328E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB3E730F9] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB3ED2B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB3E45AD6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB41F9098] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB3E45E90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB3E48D1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB3E46B02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB3E4B30E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB3E4B352] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB41F9666] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB3E4B446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB3E72A6D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB3E4B278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB3E48518] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB3E4B3AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB3E4B2C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB3E4874C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB3E4B400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB3ED2CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB3E72F74] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB41FB0E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB3E469CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB3E72DC6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB3EDCB68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB3E71D84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB3E45EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB3E45F28] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB41F9E76] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB3E45B46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB3E45CEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB3E7352A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB3E45C92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB3E45D5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xB3ED2D60] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB41F89C0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB3E45F74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xB3ED2BE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB3EE8D92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwYieldExecution + 102 804E495C 16 Bytes [E4, B2, E4, B3, 30, B3, E4, ...] .text ntoskrnl.exe!ZwYieldExecution + 13E 804E4998 20 Bytes [74, B3, E4, B3, 9A, B2, E4, ...] .text ntoskrnl.exe!ZwYieldExecution + 232 804E4A8C 5 Bytes [1C, 8D, E4, B3, 02] .text ntoskrnl.exe!ZwYieldExecution + 238 804E4A92 2 Bytes [E4, B3] {IN AL, 0xb3} .text ntoskrnl.exe!ZwYieldExecution + 23E 804E4A98 16 Bytes [0E, B3, E4, B3, 52, B3, E4, ...] PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP B3EE774C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576705 4 Bytes CALL B3E4719F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7F4 7 Bytes JMP B3EE8D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E0536 5 Bytes JMP B3EE5C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6B7C3A0, 0x5FE082, 0xE8000020] .text win32k.sys!EngAcquireSemaphore + 20EE BF8082C7 5 Bytes JMP B41FD638 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP B41FE4D4 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP B3E4A07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 5BD5 BF80EE53 5 Bytes JMP B41FD9AE \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP B41FED80 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP B41FDE8E \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP B41FD37E \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP B41FE614 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngCreateBitmap + 138F BF828E1D 5 Bytes JMP B41FD07A \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP B3E4A4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B687 BF839EAC 5 Bytes JMP B41FEC3A \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85174B 5 Bytes JMP B41FD51C \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP B41FDD3A \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!XLATEOBJ_iXlate + 2EDB BF85DC4E 5 Bytes JMP B41FD7F2 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP B3E49384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP B3E49562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F5F2 5 Bytes JMP B41FEDBE \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngCreatePalette + 5457 BF8649C1 5 Bytes JMP B3E4A0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4138 BF873D04 5 Bytes JMP B3E4951C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890F6A 5 Bytes JMP B41FEB0A \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngGradientFill + 26EE BF894515 5 Bytes JMP B41FE8A0 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngStretchBltROP + 583 BF894FED 5 Bytes JMP B3E4A450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3857 BF89C393 5 Bytes JMP B41FDFF2 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngCopyBits + 4DEC BF89D928 5 Bytes JMP B3E48FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTextOut + 59C7 BF8AB083 5 Bytes JMP B41FD20A \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngEraseSurface + A9DC BF8C1E70 5 Bytes JMP B41FDBB6 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngFillPath + 1517 BF8CA2D2 5 Bytes JMP B41FE254 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngFillPath + 1797 BF8CA552 5 Bytes JMP B41FE9E6 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBF17 5 Bytes JMP B41FF054 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngDeleteSemaphore + CB53 BF8F4F2C 5 Bytes JMP B3E4973C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A5A BF913814 5 Bytes JMP B3E48F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 262E BF9143E8 5 Bytes JMP B41FE34C \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngCreateClip + 4FA7 BF916D61 5 Bytes JMP B41FE156 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text win32k.sys!EngPlgBlt + 1937 BF946E38 5 Bytes JMP B41FE760 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) .text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xB2D95000, 0x328BA, 0xE8000020] .pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xB2DD9000] .relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xB2DF5000, 0x8E, 0x42000040] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB27AB300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB4197300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[244] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[244] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\PnkBstrB.exe[728] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrB.exe[728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrB.exe[728] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\PnkBstrB.exe[728] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\PnkBstrB.exe[728] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\PnkBstrB.exe[728] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\PnkBstrB.exe[728] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\PnkBstrB.exe[728] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\PnkBstrB.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\PnkBstrB.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\PnkBstrB.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\PnkBstrB.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\PnkBstrB.exe[728] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\PnkBstrB.exe[728] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\PnkBstrB.exe[728] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\System32\smss.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[864] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[864] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[864] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[864] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[876] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1044] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1044] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1120] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1120] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] rpcss.dll!WhichService 76A64234 8 Bytes JMP ED501001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 005F1014 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 005F0804 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 005F0A08 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 005F0C0C .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 005F0E10 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005F01F8 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005F03FC .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 005F0600 .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1232] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1232] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1252] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1320] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1320] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1368] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1368] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1484] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[1756] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text F:\instalatory\j87ywsrv.exe[1828] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text F:\instalatory\j87ywsrv.exe[1828] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text F:\instalatory\j87ywsrv.exe[1828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text F:\instalatory\j87ywsrv.exe[1828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A00804 .text F:\instalatory\j87ywsrv.exe[1828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00A00A08 .text F:\instalatory\j87ywsrv.exe[1828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A00600 .text F:\instalatory\j87ywsrv.exe[1828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00A001F8 .text F:\instalatory\j87ywsrv.exe[1828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00A003FC .text F:\instalatory\j87ywsrv.exe[1828] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text F:\instalatory\j87ywsrv.exe[1828] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009D1014 .text F:\instalatory\j87ywsrv.exe[1828] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009D0804 .text F:\instalatory\j87ywsrv.exe[1828] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009D0A08 .text F:\instalatory\j87ywsrv.exe[1828] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009D0C0C .text F:\instalatory\j87ywsrv.exe[1828] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009D0E10 .text F:\instalatory\j87ywsrv.exe[1828] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009D01F8 .text F:\instalatory\j87ywsrv.exe[1828] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009D03FC .text F:\instalatory\j87ywsrv.exe[1828] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009D0600 .text C:\WINDOWS\Explorer.EXE[1872] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\Explorer.EXE[1872] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[1872] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1872] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\Explorer.EXE[1872] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\Explorer.EXE[1872] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\Explorer.EXE[1872] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\Explorer.EXE[1872] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\Explorer.EXE[1872] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\RTHDCPL.EXE[1968] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\RTHDCPL.EXE[1968] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1968] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\RTHDCPL.EXE[1968] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\RTHDCPL.EXE[1968] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\RTHDCPL.EXE[1968] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\RTHDCPL.EXE[1968] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\RTHDCPL.EXE[1968] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\RTHDCPL.EXE[1968] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\RTHDCPL.EXE[1968] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\RTHDCPL.EXE[1968] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1968] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\RTHDCPL.EXE[1968] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\RTHDCPL.EXE[1968] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\RTHDCPL.EXE[1968] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\RTHDCPL.EXE[1968] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00AB1014 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00AB0804 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00AB0A08 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00AB0C0C .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00AB0E10 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00AB01F8 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00AB03FC .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00AB0600 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00AC0804 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00AC0A08 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00AC0600 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00AC01F8 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1992] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00AC03FC .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\RUNDLL32.EXE[2000] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00420804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00420A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00420600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004201F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004203FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00431014 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00430804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00430A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00430C0C .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00430E10 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004301F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004303FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2020] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00430600 .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2028] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[2028] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[2028] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[2028] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[2028] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\ctfmon.exe[2028] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[2028] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Documents and Settings\użytkownik\Local Settings\Apps\F.lux\flux.exe[2040] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\System32\alg.exe[2792] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\System32\alg.exe[2792] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2792] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[2792] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2792] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2792] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2792] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[2792] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[2792] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[2792] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[2792] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[2792] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2792] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2792] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[864] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00650002 IAT C:\WINDOWS\system32\services.exe[864] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00650000 IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\PROGRA~1\ALWILS~1\Avast5\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\prodrv06 \Device\ProDrv06 E1FE8938 Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-16 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\prohlp02 \Device\ProHlp02 E19890F0 AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0xED 0x81 0x82 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x1D 0x43 0x46 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x1D 0x43 0x46 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9D 0xA1 0x1C 0xCE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2B 0xAA 0xF3 0x2F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4C 0x02 0xDA 0x44 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0xED 0x81 0x82 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x1D 0x43 0x46 ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 1.0.15 ----