GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-03-31 23:14:42 Windows 5.1.2600 Service Pack 3 Running: dbpcnrvx.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\fxloyfow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x9B18DBDA] ------------------------------------------ SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x9B18D1B8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x9B18D840] SSDT AB4AB2BE ZwCreateKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x9B18D09A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x9B18F06A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x9B18F302] SSDT AB4AB2B4 ZwCreateThread SSDT AB4AB2C3 ZwDeleteKey SSDT AB4AB2CD ZwDeleteValueKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x9B18CA92] SSDT spus.sys ZwEnumerateKey [0xBA6CDDA4] SSDT spus.sys ZwEnumerateValueKey [0xBA6CE132] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x9B18ECEC] SSDT AB4AB2D2 ZwLoadKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9B18D43C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x9B18DA1C] SSDT spus.sys ZwOpenKey [0xBA6B50C0] SSDT AB4AB2A0 ZwOpenProcess SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x9B18D6CC] SSDT AB4AB2A5 ZwOpenThread SSDT spus.sys ZwQueryKey [0xBA6CE20A] SSDT spus.sys ZwQueryValueKey [0xBA6CE08A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0x9B18E720] SSDT AB4AB2DC ZwReplaceKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x9B18F648] SSDT AB4AB2D7 ZwRestoreKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x9B18EA88] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0x9B18DDC0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x9B18EE9A] SSDT AB4AB2C8 ZwSetValueKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x9B18D3D6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x9B18D5C0] SSDT AB4AB2AF ZwTerminateProcess SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x9B18CE32] INT 0x62 ? 8A3BCBF8 INT 0x63 ? 8A3BDBF8 INT 0x73 ? 8A3BDBF8 INT 0x82 ? 8A3BCBF8 INT 0x83 ? 8A3BCBF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2F0C 805047A8 4 Bytes JMP 61109B18 ? cefwxkv.sys Das System kann die angegebene Datei nicht finden. ! ? spus.sys Das System kann die angegebene Datei nicht finden. ! .rsrc C:\WINDOWS\system32\drivers\pciide.sys entry point in ".rsrc" section [0xBAE70814] .text USBPORT.SYS!DllUnload B9CDC8AC 5 Bytes JMP 8A3BD1D8 .text a4ec8ysz.SYS AB250386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a4ec8ysz.SYS AB2503AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a4ec8ysz.SYS AB2503C4 3 Bytes [00, 80, 02] .text a4ec8ysz.SYS AB2503C9 1 Byte [30] .text a4ec8ysz.SYS AB2503C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[200] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] shell32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] shell32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] shell32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\dbpcnrvx.exe[216] shell32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00AE000A .text C:\WINDOWS\system32\wuauclt.exe[328] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00AF000A .text C:\WINDOWS\system32\wuauclt.exe[328] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00AD000C .text C:\WINDOWS\system32\wuauclt.exe[328] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[328] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B3000A .text C:\WINDOWS\Explorer.EXE[440] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00BD000A .text C:\WINDOWS\Explorer.EXE[440] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00B2000C .text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[440] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00B71950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 00B782B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00B718D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00B71890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 00B719B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 00B71910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 00B71A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 00B71970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 00B718F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B71930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 00B719D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 00B71990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00B718B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 00B71A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00B74550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00B781E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 00B719F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B71B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B71D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00B71AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B71AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B71D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B71A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B71A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B71A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B71D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00B71CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00B71D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B71B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00B71C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B71C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 00B71B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [35, 84] .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00B71BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B71B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B71B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00B71CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00B71CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00B71C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B71BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00B71C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00B71C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00B71BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B71D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00B71AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 00B71480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 00B71640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 00B71000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 00B71250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00B77E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00B77BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00B77D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 00B71E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 00B71DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 00B71DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 00B71DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 00B71E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWService.exe[468] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 00B71E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[608] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\sched.exe[668] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[816] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[828] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1024] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1060] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1100] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1116] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1296] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[1336] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\NBHGui.exe[1340] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCD.exe[1380] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 003B1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 003B82B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 003B18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 003B1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003B19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 003B1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 003B1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 003B1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 003B18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 003B1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 003B19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 003B1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 003B18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 003B1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003B4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 003B81E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 003B19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003B1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003B1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003B1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003B1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003B1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003B1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003B1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 003B1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 003B1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003B1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 003B1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003B1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 003B1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B9, 83] .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 003B1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003B1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003B1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 003B1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 003B1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 003B1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003B1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 003B1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 003B1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 003B1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 003B1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 003B7E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 003B1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 003B1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 003B1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 003B1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 003B1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 003B1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 003B1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 003B1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 003B7BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 003B7D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 003B1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1392] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 003B1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 0050E060 C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Winamp\winampa.exe[1440] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDll32.exe[1448] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1472] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 100022D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ICQ6.5\ICQ.exe[1480] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00E21950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 00E282B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00E218D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00E21890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 00E219B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 00E21910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 00E21A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 00E21970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 00E218F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00E21930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 00E219D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 00E21990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00E218B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 00E21A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00E24550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00E281E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 00E219F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E21B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E21D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00E21AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E21AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E21D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E21A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E21A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E21A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E21D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00E21CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00E21D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E21B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00E21C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E21C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 00E21B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [60, 84] .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00E21BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E21B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E21B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00E21CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00E21CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00E21C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E21BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00E21C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00E21C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00E21BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E21D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00E21AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 00E21480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 00E21640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 00E21000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 00E21250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 00E21E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 00E21E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00E27E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 00E21E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 00E21E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00E27BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00E27D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 00E21E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 00E21DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 00E21DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Pando Networks\Media Booster\PMB.exe[1488] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 00E21DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1500] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 0040FD50 C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 009A000A .text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 009B000A .text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 0080000C .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1524] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 009C1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 009C82B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 009C18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 009C1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 009C19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 009C1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 009C1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 009C1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 009C18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 009C1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 009C19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 009C1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 009C18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 009C1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 009C4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 009C81E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 009C19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 009C1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 009C1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 009C1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 009C1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009C1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 009C1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [1A, 84] .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 009C1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009C1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009C1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 009C1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 009C1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 009C1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009C1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 009C1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 009C1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 009C1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 009C1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 009C1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 009C1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 009C1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 009C1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 009C7E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 009C1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 009C1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 009C1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 009C1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 009C7BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 009C7D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 009C1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\DAEMON Tools Lite\DTLite.exe[1544] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 009C1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] KERNEL32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] shell32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] shell32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] shell32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] shell32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ws2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[1772] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1816] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1872] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe[2172] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[2568] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 0107000A .text C:\Programme\Mozilla Firefox\firefox.exe[2948] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 0108000A .text C:\Programme\Mozilla Firefox\firefox.exe[2948] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 0106000C .text C:\Programme\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 00DE1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 00DE1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 00DE1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 00DE1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00DE7E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 00DE1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 00DE1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 00DE1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 00DE1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00DE7BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Mozilla Firefox\firefox.exe[2948] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00DE7D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3148] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3660] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] KERNEL32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] shell32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] shell32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] shell32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] shell32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ws2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3752] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] KERNEL32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] shell32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] shell32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] shell32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] shell32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ws2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3764] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] WININET.dll!InternetConnectA 7719345A 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\unsecapp.exe[4004] WININET.dll!InternetConnectW 7719EE40 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6C5B90] spus.sys IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\a4ec8ysz.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BA5286E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BA5287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BA528780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BA528740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BA528740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BA5287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BA5286E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BA528780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BA528780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BA528740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BA5287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BA5286E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BA528740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BA528780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BA5286E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BA5287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA5286E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA5287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA528740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BA528780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BA528740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BA5287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BA5286E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA528740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA528780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BA5286E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BA5287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00618260] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [006182B0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [006182B0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [006182B0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [006172F0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [006182B0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00618260] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00618210] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [00617FB0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [006176D0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [00617D80] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [006172A0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [00617760] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [00617CC0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [00617330] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [006180C0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [00618130] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [00618110] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [00617EA0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [00617520] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [00617590] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [00617410] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [006172F0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [006182B0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00618210] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00618260] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [006176D0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [00617760] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [006172A0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [00617C00] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [00617CC0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [00617EA0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [00617590] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [00617630] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [00617D80] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [006172F0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00618260] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00618210] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [00617EA0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [00617D80] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [006172A0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [00617590] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [00617CC0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [00617760] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00618210] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00618260] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [006182B0] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [00617D80] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00618190] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programme\COMODO\COMODO Internet Security\cfp.exe[1432] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00618340] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A3BA1F8 AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG) Device \FileSystem\Fastfat \FatCdrom 895831F8 AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\PCI_PNP5518 \Device\00000041 spus.sys Device \Driver\usbohci \Device\USBPDO-0 89FF11F8 Device \Driver\sptd \Device\842528018 spus.sys Device \Driver\usbohci \Device\USBPDO-1 89FF11F8 Device \Driver\usbehci \Device\USBPDO-2 89FE41F8 AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3BE1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{3137A747-6641-44C1-AE02-314EB46AA3BE} 8958E1F8 Device \Driver\Cdrom \Device\CdRom0 89FDE500 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A3BE1F8 Device \Driver\Cdrom \Device\CdRom1 89FDE500 Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DC7883-2DBD-4693-8B27-4F7F7F15E9FD} 8958E1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8958E1F8 Device \Driver\NetBT \Device\NetbiosSmb 8958E1F8 AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\usbohci \Device\USBFDO-0 89FF11F8 Device \Driver\usbohci \Device\USBFDO-1 89FF11F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 895891F8 Device \Driver\usbehci \Device\USBFDO-2 89FE41F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 895891F8 Device \Driver\Ftdisk \Device\FtControl 8A3BE1F8 Device \Driver\a4ec8ysz \Device\Scsi\a4ec8ysz1 89DF3500 Device \Driver\a4ec8ysz \Device\Scsi\a4ec8ysz1Port2Path0Target0Lun0 89DF3500 Device \FileSystem\Fastfat \Fat 895831F8 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG) Device \FileSystem\Cdfs \Cdfs 88A761F8 Device -> \Driver\nvatabus \Device\Harddisk0\DR0 8A26AAC8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0x45 0xDF 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB6 0x66 0x9C 0x9D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5D 0x68 0x59 0x45 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0x45 0xDF 0xF3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB6 0x66 0x9C 0x9D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5D 0x68 0x59 0x45 ... ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\drivers\pciide.sys suspicious modification File C:\WINDOWS\system32\drivers\nvatabus.sys suspicious modification ---- EOF - GMER 1.0.15 ---- ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:49:52, on 01.04.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ICQ6.5\ICQ.exe C:\Programme\Pando Networks\Media Booster\PMB.exe C:\Programme\DAEMON Tools Lite\DTLite.exe C:\Programme\Winamp\winampa.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\LogMeIn Hamachi\hamachi-2.exe C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe C:\Programme\Winamp\winampa .exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O20 - AppInit_DLLs: O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 5368 bytes --------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:49:52, on 01.04.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ICQ6.5\ICQ.exe C:\Programme\Pando Networks\Media Booster\PMB.exe C:\Programme\DAEMON Tools Lite\DTLite.exe C:\Programme\Winamp\winampa.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\LogMeIn Hamachi\hamachi-2.exe C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe C:\Programme\Winamp\winampa .exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O20 - AppInit_DLLs: O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 5368 bytes ------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------ 2007 Microsoft Office Suite Service Pack 2 (SP2) 2007 Microsoft Office Suite Service Pack 2 (SP2) 2007 Microsoft Office Suite Service Pack 2 (SP2) 2007 Microsoft Office Suite Service Pack 2 (SP2) 2007 Microsoft Office Suite Service Pack 2 (SP2) 2007 Microsoft Office Suite Service Pack 2 (SP2) 2007 Microsoft Office Suite Service Pack 2 (SP2) 2007 Microsoft Office Suite Service Pack 2 (SP2) 2007 Microsoft Office Suite Service Pack 2 (SP2) 2007 Microsoft Office Suite Service Pack 2 (SP2) Ad-Aware Ad-Aware Ad-Aware Email Scanner for Outlook Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop CS2 Adobe Reader 9.3.1 - Deutsch ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver Avira AntiVir Personal - Free Antivirus Call of Duty(R) 4 - Modern Warfare(TM) Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch C-Media 6501 Sound Command & Conquer™ 4 Tiberian Twilight Counter-Strike Day of Defeat DivX Codec DivX Converter DivX Player DivX Plus DirectShow Filters DivX Plus Web Player EA Download Manager EA Download Manager UI EA Download Manager UI Frets On Fire HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB945282) Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB946040) Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB946308) Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB947540) Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB947789) Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB948127) Hotfix für Windows XP (KB952287) Hotfix für Windows XP (KB976098-v2) ICQ6.5 LogMeIn Hamachi LogMeIn Hamachi Malwarebytes' Anti-Malware Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Office Excel MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Standard 2007 Microsoft Office Standard 2007 Microsoft Office Word MUI (German) 2007 Microsoft Office Word Viewer 2003 Microsoft SQL Server 2008 Management Objects Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU Microsoft Visual C++ 2008 Express Edition with SP1 - DEU Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 Mozilla Firefox (3.6.2pre) Nero 7 Essentials neroxml NVIDIA Drivers Pando Media Booster Sicherheitsupdate für Windows XP (KB923561) Sicherheitsupdate für Windows XP (KB923789) Sicherheitsupdate für Windows XP (KB946648) Sicherheitsupdate für Windows XP (KB950762) Sicherheitsupdate für Windows XP (KB950974) Sicherheitsupdate für Windows XP (KB951066) Sicherheitsupdate für Windows XP (KB951376-v2) Sicherheitsupdate für Windows XP (KB951748) Sicherheitsupdate für Windows XP (KB952004) Sicherheitsupdate für Windows XP (KB952954) Sicherheitsupdate für Windows XP (KB955069) Sicherheitsupdate für Windows XP (KB956572) Sicherheitsupdate für Windows XP (KB956802) Sicherheitsupdate für Windows XP (KB956803) Sicherheitsupdate für Windows XP (KB956844) Sicherheitsupdate für Windows XP (KB957097) Sicherheitsupdate für Windows XP (KB958644) Sicherheitsupdate für Windows XP (KB958687) Sicherheitsupdate für Windows XP (KB958869) Sicherheitsupdate für Windows XP (KB959426) Sicherheitsupdate für Windows XP (KB960225) Sicherheitsupdate für Windows XP (KB960803) Sicherheitsupdate für Windows XP (KB960859) Sicherheitsupdate für Windows XP (KB961501) Sicherheitsupdate für Windows XP (KB969059) Sicherheitsupdate für Windows XP (KB969947) Sicherheitsupdate für Windows XP (KB970238) Sicherheitsupdate für Windows XP (KB971486) Sicherheitsupdate für Windows XP (KB971557) Sicherheitsupdate für Windows XP (KB971633) Sicherheitsupdate für Windows XP (KB971657) Sicherheitsupdate für Windows XP (KB972270) Sicherheitsupdate für Windows XP (KB973354) Sicherheitsupdate für Windows XP (KB973507) Sicherheitsupdate für Windows XP (KB973525) Sicherheitsupdate für Windows XP (KB973869) Sicherheitsupdate für Windows XP (KB973904) Sicherheitsupdate für Windows XP (KB974112) Sicherheitsupdate für Windows XP (KB974318) Sicherheitsupdate für Windows XP (KB974392) Sicherheitsupdate für Windows XP (KB974571) Sicherheitsupdate für Windows XP (KB975025) Sicherheitsupdate für Windows XP (KB975467) Sicherheitsupdate für Windows XP (KB976325) SQL Server System CLR Types Steam TeamSpeak 2 RC2 Update für Windows XP (KB955759) Update für Windows XP (KB967715) Update für Windows XP (KB968389) Update für Windows XP (KB973687) Update für Windows XP (KB973815) VC80CRTRedist - 8.0.50727.4053 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 1.0.5 Winamp Windows Media Format Runtime Windows XP Service Pack 3 WinRAR XML Paper Specification Shared Components Language Pack 1.0