Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

first time! please help me with my logfile

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

first time! please help me with my logfile

Unread postby casulino » July 29th, 2009, 7:02 am

Hello, my provider complains that either a virus, trojan or spam is send by our home-network. So it shut the Internet access down. As we are all (3 of us) only private, inoffensive users, we now try to check our PCs to find where the problem comes from. After running Avira Antivir and Spybot S&D, without any findings, I now try to figure out, how HiJackThis works and what it is useful for. I definitly don't know anything about what I see in the logfile, so please help me to understand and find the problems if there are any. Thank you very much in advance!


P.S.: I looked myself to see what I can't identify at all. The following doesn't tell me at all what it could be linked to:
O18 - Protocol: haufereader - (no CLSID) - (no file). Don't know if this might be of any help...


Here comes the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:48, on 29.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Registry Mechanic\RegMech.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.derooipannen.nl:8080
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Programme\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2878801565-563787898-1210066488-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Web')
O4 - HKUS\S-1-5-21-2878801565-563787898-1210066488-1007\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background (User 'Web')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Programme\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {3C10C664-0127-4087-A59B-BD59677FFD35} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.de/s/v/29.58/uploader2.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11941 bytes
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am
Advertisement
Register to Remove

Re: first time! please help me with my logfile

Unread postby Katana » August 1st, 2009, 10:25 am

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly Image

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------



Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
    ( They can also be found in the C:\RSIT folder )

Please Download GMER to your desktop

Download GMER and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
  • RSIT Logs
  • GMER Log
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: first time! please help me with my logfile

Unread postby casulino » August 1st, 2009, 5:20 pm

Hello katana, thanks for helping! Here come the logs:

Logfile of random's system information tool 1.06 (written by random/random)
Run by andi at 2009-08-01 23:12:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (34%) free of 27 GB
Total RAM: 447 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:19, on 01.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\andi\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\andi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.derooipannen.nl:8080
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.de/s/v/29.58/uploader2.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10679 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1187035579.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programme\google\googletoolbar3.dll [2007-01-20 2427968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-30 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programme\google\googletoolbar3.dll [2007-01-20 2427968]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-01-19 339968]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-14 88363]
"MGSysCtrl"=C:\Programme\MSI\System Control Manager\MGSysCtrl.exe [2005-06-21 174080]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"AntivirusRegistration"=C:\Programme\CA\Etrust Antivirus\Register.exe [2005-08-22 258048]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"PCMService"=C:\Programme\Home Cinema\PowerCinema\PCMService.exe [2005-08-09 127118]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2004-07-16 102400]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2004-07-16 606208]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2005-08-10 180269]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-12-04 406016]
"UVS11 Preload"=C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]
"WinDSL MTU-Adjust"=C:\WINDOWS\system32\WinDSL_MTU.exe [2001-02-15 65536]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"COMODO Internet Security"=C:\Programme\COMODO\COMODO Internet Security\cfp.exe [2009-07-21 1793808]
"LexwareInfoService"=C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [2008-09-11 339240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Cisco Systems VPN Client.lnk - C:\Programme\Cisco Systems\VPN Client\vpngui.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-01-20 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remoteunterstützung"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:enabled:Windows Messenger"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger"
"C:\Programme\AOL 9.0\AOL.exe"="C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"C:\Programme\AOL 9.0\WAOL.exe"="C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax"
"C:\Programme\CA\eTrust Antivirus\InocIT.exe"="C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"C:\Programme\CA\eTrust Antivirus\Realmon.exe"="C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe"="C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\Programme\NetMeeting\Conf.exe"="C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting"
"C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome"
"C:\Dokumente und Einstellungen\andi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4R0LQVSB\ActiveInstall_DE[1].exe"="C:\Dokumente und Einstellungen\andi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4R0LQVSB\ActiveInstall_DE[1].exe:*:Enabled:C:\Dokumente und Einstellungen\andi\Lokale Einstellungen\Temporary Internet Files\Content"
"C:\Programme\mozilla.org\Mozilla\mozilla.exe"="C:\Programme\mozilla.org\Mozilla\mozilla.exe:*:Enabled:Mozilla"
"C:\Programme\Sony Ericsson\Update Service\ma3platform.exe"="C:\Programme\Sony Ericsson\Update Service\ma3platform.exe:*:Enabled:ma3platform"
"C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Henzo\Henzo Imager\Update.exe"="C:\Programme\Henzo\Henzo Imager\Update.exe:*:Enabled:Update"
"C:\Programme\Henzo\Henzo Imager\Henzo imager.exe"="C:\Programme\Henzo\Henzo Imager\Henzo imager.exe:*:Enabled:C:\Programme\Henzo\Henzo Imager\Henzo imager"
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WS_FTP\WS_FTP95.exe"="C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remoteunterstützung"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:enabled:Windows Messenger"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger"
"C:\Programme\AOL 9.0\AOL.exe"="C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"C:\Programme\AOL 9.0\WAOL.exe"="C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:enabled:Skype"
"C:\Programme\CA\eTrust Antivirus\InocIT.exe"="C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"C:\Programme\CA\eTrust Antivirus\Realmon.exe"="C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe"="C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\Programme\NetMeeting\Conf.exe"="C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting"
"C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit - "C:\Programme\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-08-01 23:12:26 ----D---- C:\rsit
2009-07-30 15:07:15 ----D---- C:\Programme\Panda Security
2009-07-30 13:46:17 ----D---- C:\WINDOWS\BDOSCAN8
2009-07-29 22:49:51 ----SHD---- C:\Config.Msi
2009-07-29 12:23:08 ----D---- C:\Programme\Trend Micro
2009-07-28 19:08:52 ----A---- C:\WINDOWS\uninst.ini
2009-07-28 18:39:32 ----D---- C:\Dokumente und Einstellungen\andi\Anwendungsdaten\Lexware
2009-07-28 18:16:05 ----D---- C:\Programme\Gemeinsame Dateien\Haufe
2009-07-28 18:13:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
2009-07-28 18:11:07 ----D---- C:\Programme\Lexware
2009-07-28 18:11:07 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
2009-07-28 18:09:40 ----D---- C:\Dokumente und Einstellungen\andi\Anwendungsdaten\InstallShield
2009-07-28 18:05:48 ----D---- C:\Programme\Haufe
2009-07-28 18:05:31 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
2009-07-28 17:33:23 ----D---- C:\Programme\Gemeinsame Dateien\Lexware
2009-07-21 15:29:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Comodo
2009-07-21 15:29:05 ----A---- C:\WINDOWS\system32\guard32.dll
2009-07-21 15:28:59 ----D---- C:\Programme\COMODO
2009-07-21 13:50:47 ----D---- C:\Programme\Spybot - Search & Destroy
2009-07-21 13:50:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-07-15 00:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 00:33:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 00:30:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-13 23:54:53 ----D---- C:\Programme\Avira
2009-07-13 23:54:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-07-13 22:28:20 ----D---- C:\WINDOWS\ie8updates
2009-07-13 22:23:40 ----HDC---- C:\WINDOWS\ie8
2009-07-02 00:30:16 ----D---- C:\Programme\iTunes

======List of files/folders modified in the last 1 months======

2009-08-01 23:09:09 ----D---- C:\Programme\Mozilla Firefox
2009-08-01 22:53:49 ----D---- C:\WINDOWS\Temp
2009-08-01 22:52:53 ----SD---- C:\WINDOWS\Tasks
2009-08-01 22:52:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2009-08-01 22:52:24 ----D---- C:\Programme\Mozilla Thunderbird
2009-08-01 22:51:55 ----A---- C:\KBCLOG.txt
2009-07-31 21:46:07 ----D---- C:\WINDOWS\system32
2009-07-31 12:51:36 ----HD---- C:\WINDOWS\inf
2009-07-30 18:49:53 ----D---- C:\WINDOWS\system32\drivers
2009-07-30 18:34:12 ----D---- C:\WINDOWS
2009-07-30 18:33:48 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem v2147DC.txt
2009-07-30 18:33:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-30 18:33:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-30 18:33:01 ----D---- C:\Programme\Internet Explorer
2009-07-30 18:03:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-30 18:01:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-30 18:01:28 ----SHD---- C:\WINDOWS\Installer
2009-07-30 18:01:27 ----D---- C:\WINDOWS\WinSxS
2009-07-30 17:03:27 ----D---- C:\Dokumente und Einstellungen\andi\Anwendungsdaten\Skype
2009-07-30 16:08:30 ----D---- C:\Dokumente und Einstellungen\andi\Anwendungsdaten\skypePM
2009-07-30 15:07:15 ----RD---- C:\Programme
2009-07-30 15:06:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-30 13:42:09 ----D---- C:\WINDOWS\network diagnostic
2009-07-29 23:05:31 ----D---- C:\WINDOWS\Prefetch
2009-07-29 22:52:54 ----D---- C:\Programme\Registry Mechanic
2009-07-29 22:52:09 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-07-29 22:50:15 ----D---- C:\Programme\Gemeinsame Dateien
2009-07-29 22:50:09 ----D---- C:\Programme\Lavasoft
2009-07-29 13:27:34 ----HD---- C:\Programme\InstallShield Installation Information
2009-07-28 19:08:37 ----D---- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2009-07-28 19:06:43 ----D---- C:\Programme\fotokasten
2009-07-28 18:19:50 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-28 18:19:49 ----RSD---- C:\WINDOWS\assembly
2009-07-28 17:53:22 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-28 17:43:32 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-07-28 17:43:07 ----D---- C:\WINDOWS\pchealth
2009-07-19 18:41:10 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 15:11:12 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 00:33:26 ----A---- C:\WINDOWS\imsins.BAK
2009-07-13 23:38:49 ----D---- C:\WINDOWS\system32\de-de
2009-07-13 23:38:48 ----D---- C:\WINDOWS\Media
2009-07-13 23:38:48 ----D---- C:\WINDOWS\Help
2009-07-13 22:23:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-08 18:55:18 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-03 18:55:22 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 18:55:22 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 18:55:21 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 18:55:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 18:55:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 18:55:15 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 18:55:14 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 18:55:12 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 18:55:08 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 13:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-07-02 00:30:42 ----D---- C:\Programme\iPod
2009-07-02 00:30:41 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-07-02 00:27:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-02 00:05:01 ----D---- C:\WINDOWS\system32\config

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2007-08-13 82380]
R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-07-21 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-07-21 25160]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-06-23 5632]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-14 1270540]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-03-14 2300928]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2003-12-04 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-01-20 965632]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-24 127376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 MGHwCtrl;MGHwCtrl; \??\C:\WINDOWS\System32\Drivers\MGHwCtrl.sys []
R3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-09-07 243200]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-16 71168]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-07-16 186048]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WinDSLa;WinDSL-Adapter (PPP-over-Ethernet); C:\WINDOWS\system32\DRIVERS\WinDSL.sys [2002-02-08 47056]
S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-06-08 799744]
S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 ggsemc;Sony Ericsson USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2006-06-28 8704]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-07-12 17664]
S3 RT61;Ralink Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-08-27 352768]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WinDSLp;%WinDSLp_Desc%; C:\WINDOWS\system32\DRIVERS\WinDSL.sys [2002-02-08 47056]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-01-20 344064]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Capture Device Service;Capture Device Service; C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-08-09 221281]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2005-08-09 110687]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [2009-07-21 707152]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-08-09 61440]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-30 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 WmcCds;Windows Media Connect (WMC); c:\programme\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect-Hilfsprogramm; C:\Programme\Windows Media Connect\mswmcls.exe [2004-08-10 28160]

-----------------EOF-----------------


And the other one:


info.txt logfile of random's system information tool 1.06 2009-08-01 23:13:26

======Uninstall list======

-->"C:\Programme\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9B5AAC6D-AF21-4034-AF1D-A28274180BA6}\setup.exe" -l0x7 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 32-->C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programme\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Agere Systems AC'97 Modem v2147DC-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon iP4200-->C:\WINDOWS\system32\CNMCP78.exe "-PRINTERNAMECanon iP4200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll"
COMODO Internet Security-->C:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe -u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
EMEA02-->MsiExec.exe /X{949460AD-3C77-44FD-8D78-BF605EF28114}
EN-->MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
eTrust Registration-->MsiExec.exe /X{6BFF4534-7608-41F0-85F7-31A0569D8960}
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Free YouTube Download 2.2-->"C:\Programme\DVDVideoSoft\Free YouTube Download\unins000.exe"
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
GoldWave v5.08-->"C:\Programme\GoldWave\unstall.exe" "GoldWave v5.08" "C:\Programme\GoldWave\unstall.log"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programme\google\googletoolbar3.dll"
Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Foto- und Bildbearbeitung 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series-->C:\Programme\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber -->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
HP Speicher-Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
IEEE802.11a/b/g Wireless LAN Software-->MsiExec.exe /I{902C0D79-8D7F-4956-9DCB-A223D5BF55B3}
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iPod for Windows 2005-03-23-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1031
iPod for Windows 2006-01-10-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1031
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Learn2 Player (Uninstall Only)-->C:\Programme\Learn2.com\StRunner\stuninst.exe
Lexware Info Service-->MsiExec.exe /X{69496452-FAF3-43BC-9907-BA9CEC65FC10}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MediaShow 3.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{B26E3B0D-C2FA-4370-B068-7C476766F029}
Mozilla Firefox (3.0.12)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multiquence v2.50-->C:\WINDOWS\sxstall2.exe "Multiquence v2.50" "C:\Programme\Multiquence\unstall.log"
Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe
phase5-->"C:\Programme\phase5\uninstall.exe"
Picasa 2-->"C:\Programme\Picasa2\Uninstall.exe"
Pinnacle Hollywood FX 5-->C:\WINDOWS\unvise32.exe C:\Programme\Pinnacle\Hollywood FX 5\uninstal.log
PowerCinema-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerDirector-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x7 REMOVE
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0007 -removeonly
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Sicherheitsupdate für Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Ericsson PC Suite-->MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Studio 9-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x7 UNINSTALL
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Control Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}\Setup.exe"
TAXMAN 2009-->C:\Programme\InstallShield Installation Information\{EFE38CC6-2592-4F93-B59B-CE4B69600890}\Setup.exe -runfromtemp -l0x0007 -removeonly
TAXMAN Bibliothek 2009-->MsiExec.exe /X{700C61BE-9424-4B20-9153-7A0C59722AF4}
TextMaker Viewer-->C:\WINDOWS\untmv.exe
TIPP10 Version 2.0.1-->"C:\Programme\Tipp10\unins000.exe"
Ulead VideoStudio 11-->C:\Programme\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
Update Service-->"C:\Programme\Sony Ericsson\Update Service\Uninstall Update Service\Uninstall Update Service.exe"
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VideoLAN VLC media player 0.8.6f-->C:\Programme\VideoLAN\VLC\uninstall.exe
videon-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x7
Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPN Client-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Sicherungsprogramm-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
WinRAR-->C:\Programme\WinRAR\uninstall.exe
WISO Mein Geld 2006 Professional-->MsiExec.exe /I{20FD5B04-CE35-4F5B-A2F3-6D9FD644EB70}
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

=====HijackThis Backups=====

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [2009-07-31]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [2009-07-31]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" [2009-07-31]
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup [2009-07-31]
O4 - Global Startup: hp psc 1000 series.lnk = ? [2009-07-31]
O4 - Global Startup: Audible Download Manager.lnk = C:\Programme\Audible\Bin\AudibleDownloadHelper.exe [2009-07-31]
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [2009-07-31]
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [2009-07-31]
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe [2009-07-31]
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE [2009-07-31]
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start [2009-07-31]
O9 - Extra button: MedionShop - {3C10C664-0127-4087-A59B-BD59677FFD35} - http://www.medionshop.de/ (file missing) (HKCU) [2009-07-31]
O4 - Global Startup: hpoddt01.exe.lnk = ? [2009-07-31]
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com [2009-07-31]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: AntiVir Desktop
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
FW: COMODO Firewall

======System event log======

Computer Name: CASULINO
Event Code: 7036
Message: Dienst "Pml Driver HPZ12" befindet sich jetzt im Status "Beendet".

Record Number: 21210
Source Name: Service Control Manager
Time Written: 20090721133739.000000+120
Event Type: Informationen
User:

Computer Name: CASULINO
Event Code: 1003
Message: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 001109AF7EB4 zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
Der Vorgang wurde durch den Benutzer abgebrochen.
.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.

Record Number: 21209
Source Name: Dhcp
Time Written: 20090721133739.000000+120
Event Type: Warnung
User:

Computer Name: CASULINO
Event Code: 7036
Message: Dienst "Pml Driver HPZ12" befindet sich jetzt im Status "Ausgeführt".

Record Number: 21208
Source Name: Service Control Manager
Time Written: 20090721133738.000000+120
Event Type: Informationen
User:

Computer Name: CASULINO
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Pml Driver HPZ12" gesendet.

Record Number: 21207
Source Name: Service Control Manager
Time Written: 20090721133738.000000+120
Event Type: Informationen
User: CASULINO\andi

Computer Name: CASULINO
Event Code: 7036
Message: Dienst "Pml Driver HPZ12" befindet sich jetzt im Status "Beendet".

Record Number: 21206
Source Name: Service Control Manager
Time Written: 20090721133738.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: CASULINO
Event Code: 4113
Message:
Record Number: 2581
Source Name: H+BEDV AntiVir
Time Written: 20080123225531.000000+060
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: CASULINO
Event Code: 4113
Message:
Record Number: 2580
Source Name: H+BEDV AntiVir
Time Written: 20080123225531.000000+060
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: CASULINO
Event Code: 1002
Message: Stillstehende Anwendung wmplayer.exe, Version 10.0.0.3646, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Record Number: 2579
Source Name: Application Hang
Time Written: 20080122221018.000000+060
Event Type: Fehler
User:

Computer Name: CASULINO
Event Code: 1002
Message: Stillstehende Anwendung wmplayer.exe, Version 10.0.0.3646, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Record Number: 2578
Source Name: Application Hang
Time Written: 20080122220255.000000+060
Event Type: Fehler
User:

Computer Name: CASULINO
Event Code: 1002
Message: Stillstehende Anwendung wmplayer.exe, Version 10.0.0.3646, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Record Number: 2577
Source Name: Application Hang
Time Written: 20080121205729.000000+060
Event Type: Fehler
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\QuickTime\QTSystem\;C:\Programme\Samsung\Samsung PC Studio 3\;C:\Programme\Haufe\iDesk\iDeskService\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby casulino » August 1st, 2009, 6:42 pm

As expected the last log in several parts. Thanks again! Kind regards!

GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-02 00:26:40
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF2598F68]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF2598472]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF2598B0C]
SSDT F7BCA72E ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xF2598150]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF259A1F0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF259A4C8]
SSDT F7BCA724 ZwCreateThread
SSDT F7BCA733 ZwDeleteKey
SSDT F7BCA73D ZwDeleteValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF2597A78]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF2599E72]
SSDT F7BCA742 ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF25986F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF2598D50]
SSDT F7BCA710 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF2598986]
SSDT F7BCA715 ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF25998AA]
SSDT F7BCA74C ZwReplaceKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF259826E]
SSDT F7BCA747 ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xF2599C0E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF259A020]
SSDT F7BCA738 ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF2598690]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF259887A]
SSDT F7BCA71F ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF2597EE8]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E0 80501C18 2 Bytes [72, 84] {JB 0xffffffffffffff86}
.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 2 Bytes [50, 81]
.text ntkrnlpa.exe!ZwCallbackReturn + 2558 80501D90 2 Bytes [86, 89]
.text ntkrnlpa.exe!ZwCallbackReturn + 2684 80501EBC 2 Bytes [6E, 82]
.text ntkrnlpa.exe!ZwCallbackReturn + 26AC 80501EE4 2 Bytes [0E, 9C] {PUSH CS; PUSHF }
? System32\Drivers\hiber_WMILIB.SYS Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ws2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] shell32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] shell32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] shell32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[152] shell32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[296] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[356] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[400] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Bonjour\mDNSResponder.exe[416] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[444] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby casulino » August 1st, 2009, 6:44 pm

.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe[648] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[684] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] shell32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] shell32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] shell32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe[768] shell32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 003B1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 003B8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 003B18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 003B1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003B19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 003B1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 003B1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 003B1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 003B18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 003B1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 003B19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 003B1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 003B18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 003B1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003B4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 003B8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 003B19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003B1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003B1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003B1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003B1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003B1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003B1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003B1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 003B1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 003B1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003B1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 003B1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003B1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 003B1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B9, 83]
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 003B1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003B1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003B1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 003B1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 003B1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 003B1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003B1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 003B1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 003B1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 003B1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 003B1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 003B1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 003B1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 003B1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 003B1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 003B1E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 003B1E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 003B8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 003B1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 003B1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 003B8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[820] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 003B8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby casulino » August 1st, 2009, 6:46 pm

.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1036] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1048] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1216] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1404] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1508] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby casulino » August 1st, 2009, 6:47 pm

.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1520] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1524] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[1576] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1636] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby casulino » August 1st, 2009, 6:48 pm

.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 100022D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Mozilla Firefox\firefox.exe[1816] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1832] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1876] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[1900] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby casulino » August 1st, 2009, 6:49 pm

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1924] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[2016] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00381950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 00388B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 003818D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00381890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003819B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 00381910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 00381A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 00381970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 003818F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00381930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 003819D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 00381990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 003818B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 00381A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00384550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00388A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 003819F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00381B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00381D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00381AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00381AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00381D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00381A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00381A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00381A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00381D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00381CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00381D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00381B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00381C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00381C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 00381B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B6, 83] {MOV DH, 0x83}
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00381BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00381B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00381B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00381CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00381CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00381C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00381BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00381C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00381C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00381BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00381D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00381AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 00381480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 00381640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 00381000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 00381250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00388700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 00381E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 00381DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 00381DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 00381DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00388450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2056] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00388590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] shell32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] shell32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] shell32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2132] shell32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2568] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby casulino » August 1st, 2009, 6:50 pm

.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\AGRSMMSG.exe[2628] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00371950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 00378B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 003718D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00371890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003719B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 00371910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 00371A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 00371970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 003718F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00371930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 003719D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 00371990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 003718B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 00371A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00374550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00378A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 003719F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00371B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00371D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00371AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00371AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00371D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00371A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00371A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00371A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00371D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00371CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00371D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00371B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00371C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00371C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 00371B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B5, 83] {MOV CH, 0x83}
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00371BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00371B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00371B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00371CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00371CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00371C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00371BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00371C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00371C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00371BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00371D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00371AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 00371480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 00371640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 00371000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 00371250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00378700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 00371E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 00371DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 00371DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 00371DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00378450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\MSI\System Control Manager\MGSysCtrl.exe[2708] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00378590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ws2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe[2892] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ws2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Home Cinema\PowerCinema\PCMService.exe[3004] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00381950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 00388B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 003818D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00381890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003819B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 00381910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 00381A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 00381970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 003818F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00381930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 003819D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 00381990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 003818B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 00381A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00384550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00388A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 003819F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00381B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00381D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00381AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00381AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00381D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00381A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00381A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00381A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00381D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00381CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00381D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00381B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00381C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00381C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 00381B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B6, 83] {MOV DH, 0x83}
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00381BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00381B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00381B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00381CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00381CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00381C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00381BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00381C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00381C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00381BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00381D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00381AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00388700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 00381480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 00381640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 00381000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 00381250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 00381E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 00381DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 00381DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 00381DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00388450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3060] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00388590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby casulino » August 1st, 2009, 6:51 pm

.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3076] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3084] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3136] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\iPod\bin\iPodService.exe[3404] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 003A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 003A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 003A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 003A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 003A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 003A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 003A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 003A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 003A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 003A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 003A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 003A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 003A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 003A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 003A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 003A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 003A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 003A1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003A1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 003A1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B8, 83]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 003A1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003A1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003A1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 003A1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 003A1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 003A1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003A1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 003A1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 003A1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 003A1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 003A1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 003A8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 003A1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 003A1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 003A1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 003A1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 003A1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 003A1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 003A1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 003A1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 003A8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 003A8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 003A1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3744] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 003A1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3764] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] shell32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] shell32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] shell32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Dokumente und Einstellungen\andi\Desktop\gmer\gmer.exe[3780] shell32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby casulino » August 1st, 2009, 6:52 pm

.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3940] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] shell32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] shell32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] shell32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] shell32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] wininet.dll!InternetConnectA 408CDEAE 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Programme\Spybot - Search & Destroy\TeaTimer.exe[4028] wininet.dll!InternetConnectW 408CF862 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F735D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F735D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F735D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F735D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F735D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F735D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F735D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F735D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F735D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F735D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F735D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F735D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F735D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F735D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F735D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F735D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F735D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F735D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F735D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F735D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F735D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F735D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F735D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F735D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F735D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F735D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F735D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby Katana » August 2nd, 2009, 4:03 am

Information

There is no obvious sign of infection on your machine, but let's run a couple more scans to confirm.
How many computers are on the network ?


----------------------------------------------------------------------------------------
Step 1

Disable Teatimer
We need to disable Teatimer as it may interfere with the cleaning.
Please do not re-enable it until I give instructions.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Click Link >>> HERE <<< Link and select "save as" and save it to your desktop
  • Double click TTWipe.bat
  • Reboot your machine for the changes to take effect.

----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If requested, please reboot
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------
Step 3

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
  • MalwareBytes Log
  • Kaspersky Log
  • How are things running now ?



---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) . ( don't install it yet )
  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: first time! please help me with my logfile

Unread postby casulino » August 2nd, 2009, 5:54 pm

Hey there, just finished the Malwarebytes' scan. Eventually found something - sorry, the log is in German - most important point: It found and removed 2 infected registry keys. The rest is ok. Here comes the log:

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2547
Windows 5.1.2600 Service Pack 3

02.08.2009 23:44:29
mbam-log-2009-08-02 (23-44-29).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|H:\|)
Durchsuchte Objekte: 246488
Laufzeit: 51 minute(s), 2 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am

Re: first time! please help me with my logfile

Unread postby casulino » August 3rd, 2009, 2:29 am

ok, kaspersky also finished now - no results. hope it's done now. by the way: we have 3 pcs in our network. so, i just wanted to make sure, that i'm not the "guilty" one. do you have any idea how suspicious the 2 infected hot keys were to be responsible for sneding around spam? the connexion still works. as the provider doesn't cut it down instantly, i can only hope that our problems are fixed now and that i won't have a bad surprise in a couple of days. i will definitely ask my roommates to check their pcs as precisly as you just adviced me - at least ask them to post their hijack-logs also to this forum: i'm very impressed by your quick, competent and efficient help. thank you very much!!!

have a great day!!!

P.S.: a here comes the last report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, August 3, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, August 02, 2009 23:11:49
Records in database: 2575765
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan statistics:
Files scanned: 144914
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:55:09

No malware has been detected. The scan area is clean.

The selected area was scanned.
casulino
Active Member
 
Posts: 14
Joined: July 29th, 2009, 6:38 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware