needhelp51
Posts: 368 +0
GMER four:
.text C:\WINDOWS\system32\nvsvc32.exe[908] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[908] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[924] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1000] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1000] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1000] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1000] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1000] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0099D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [08, 84]
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 009ABB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 009AB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 009A7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0099D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 009A3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 009A4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 009A8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 009A8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 009A9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 009A9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1352] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[908] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[908] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[908] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[924] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1000] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1000] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1000] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1000] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1000] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1000] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1000] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1012] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1012] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1012] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1060] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 0099D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [08, 84]
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 009ABB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 009AB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 009A7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0099D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 009A3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 009A4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 009A8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 009A8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 009A9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 009A9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1236] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1352] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1352] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe[1380] ADVAPI32.dll