CPU-Auslastung von jetzt auf gleich bei 100% durch cmdagent.exe!

#0
08.10.2009, 11:07
...neu hier

Beiträge: 10
#1 Hallo Board!

Ich wede mich mal wieder voller Verzweiflung an Euch, da ihr mir schon beim letzten Mal so fabulös geholfen habt, ich bin mit meinem Latein echt am Ende!

Und zwar war bis gestern auch noch alles in Butter, ich hab den Pc normal am Abend runtergefahren und wollte ihn heute morgen wieder einschalten. Das klappte auch hervorragend bis zu dem Zeitpunkt, wo ich ein Programm aufrufen wollte. Der Pc blieb stehn, er fror ein sozusagen.
Ich also den Rechner aus gemacht, wieder an gemacht - selbes Problem.

Das Problem welches sich darstellt ist laut Taskmanager eine Datei, "cmdagent.exe", die die komplette Auslastung zu 99 bzw. 100% verursacht.
Will ich die Datei bzw den Prozess beenden, öfffnet sich ein PopUp mit dem Hinweis das dieser Prozess vom System gesperrt ist und somit nicht beendet werden kann..

Was soviel heisst wie weder Programme lassen sich öfnen, noch sonstwas klappt.
Bei meiner Recherche habe ich nu festgestellt, dass es sich bei dieser .exe um ein Programm meiner Comodo-Firewall handeln könnte, wie ich diese jedoch ausschalten kann (bei 100% Auslastung nicht möglich) blieb mir bislang verborgen..

Hat jemand nen Rat für mich, wie ich dem ganzen Spuk ein Ende machen kann? Muss ich jetzt das ganze System nochma neu aufsetzen oder gibt es noch andere Möglichkeiten? Wie gesagt, ob Programm o Datei, es lässt sich nix öffnen, der abgesicherte Modus jedoch geht, nur ich weiß nicht was genau ich dort machen muss, will dem System ja nicht mehr schädigen als es ohnehin schon ist..

Bitte um Hilfe...

P.S.: ich musste diese Zeilen hier mit meinem Dienst-Laptop schreiben, da bei meinem Hauptrechner scheinbar gar nichts mehr geht!
Seitenanfang Seitenende
08.10.2009, 12:13
Member

Beiträge: 3716
#2 Versuch mal die Anleitung hier im abgesicherten Modus abzuarbeiten:
http://board.protecus.de/t23187.htm
und die logs posten.
Seitenanfang Seitenende
08.10.2009, 12:58
...neu hier

Themenstarter

Beiträge: 10
#3 Hallo virenfinder!
Erstmal vielen Dank das Du Dich meiner Sache angenommen hast!
Ich habe nun den Scan mit Malwarebytes gemacht, finde jedoch die log-Datei nicht. Das Programm hat aber 3 Sachen gefunden und hat auch eine log-Datei gespeichert, aber er verrät mir nicht wo.. Im Preogrammordner von Mwb ist leider nix zu finden..
Ich mach dann mal weiter mit dem Gmer-Report..

Gruß,
capkom
Seitenanfang Seitenende
08.10.2009, 13:03
Member

Beiträge: 3716
#4 Öffne den Arbeitsplatz, klicke extras, ordneroptionen, Ansicht. Dateierweiterungen bei bekannten Typen ausblenden off Inhalte von Systemordnern einblenden on und versteckte Dateien einblenden on. übernehmen ok.
nu öffne c: dann dokumente und einstellungen deinen usernamen, anwendungen, malwarebytes, und dort logs. Da ist es.
Seitenanfang Seitenende
08.10.2009, 13:17
...neu hier

Themenstarter

Beiträge: 10
#5 Danke für den Tipp,
ich hab es auch genauso gemacht, aber ich finde weder unter Admin noch unter meinem Benutzernamen die log-Datei...
Hmm, haste evtl noch ne Lösung?

Edit: habs gefunden!
Okay, nur noch die HJT-Liste und dann bin ich durch...
Dieser Beitrag wurde am 08.10.2009 um 13:24 Uhr von capkom editiert.
Seitenanfang Seitenende
08.10.2009, 13:36
...neu hier

Themenstarter

Beiträge: 10
#6 So, ich hoffe ich hab nun alles beisammen, ist gar nicht so einfach immer vom Laptop zum Rechner und zurück zu operieren...
Okay, den Anfang macht Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3 (Safe Mode)

08.10.2009 12:38:11
mbam-log-2009-10-08 (12-38-11).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 111475
Laufzeit: 5 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


GMER:

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-08 13:21:02
Windows 5.1.2600 Service Pack 3
Running: szdgfo1c.exe; Driver: C:\DOKUME~1\ADMINI~1.UN~\LOKALE~1\Temp\ufloykow.sys


---- System - GMER 1.0.15 ----

SSDT spla.sys ZwCreateKey [0xF74D60E0]
SSDT spla.sys ZwEnumerateKey [0xF74F4DA4]
SSDT spla.sys ZwEnumerateValueKey [0xF74F5132]
SSDT spla.sys ZwOpenKey [0xF74D60C0]
SSDT spla.sys ZwQueryKey [0xF74F520A]
SSDT spla.sys ZwQueryValueKey [0xF74F508A]
SSDT spla.sys ZwSetValueKey [0xF74F529C]

INT 0x63 ? 8B407BF8
INT 0x63 ? 8B407BF8
INT 0x63 ? 8B407BF8
INT 0x63 ? 8B407BF8
INT 0x63 ? 8B1A1BF8
INT 0x63 ? 8B407BF8
INT 0x83 ? 8B407BF8
INT 0x83 ? 8B407BF8
INT 0x83 ? 8B1A1BF8
INT 0x83 ? 8B407BF8
INT 0x94 ? 8B1A1BF8
INT 0x94 ? 8B1A1BF8
INT 0x94 ? 8B1A1BF8
INT 0x94 ? 8B1A1BF8
INT 0xA4 ? 8B1A1BF8
INT 0xB4 ? 8B1A1BF8

---- Kernel code sections - GMER 1.0.15 ----

? spla.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B86C88AC 5 Bytes JMP 8B1A11D8
.text ayr3pq58.SYS B862D386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ayr3pq58.SYS B862D3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ayr3pq58.SYS B862D3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ayr3pq58.SYS B862D3C9 1 Byte [30]
.text ayr3pq58.SYS B862D3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 10004550 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 10008A60 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ntdll.dll!LdrGetProcedureAddress 7C9277B8 5 Bytes JMP 100019F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\winlogon.exe[272] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 10004550 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 10008A60 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ntdll.dll!LdrGetProcedureAddress 7C9277B8 5 Bytes JMP 100019F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINXP\system32\services.exe[316] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\services.exe[316] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 10004550 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 10008A60 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ntdll.dll!LdrGetProcedureAddress 7C9277B8 5 Bytes JMP 100019F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] WS2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 10001E90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001E70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] SHELL32.dll!ShellExecuteExW 7E6B2F03 5 Bytes JMP 10001E10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] SHELL32.dll!ShellExecuteEx 7E6F0E25 5 Bytes JMP 10001DF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] SHELL32.dll!ShellExecuteA 7E6F1150 5 Bytes JMP 10001DB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\lsass.exe[328] SHELL32.dll!ShellExecuteW 7E765BF0 5 Bytes JMP 10001DD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 10004550 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 10008A60 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ntdll.dll!LdrGetProcedureAddress 7C9277B8 5 Bytes JMP 100019F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] SHELL32.dll!ShellExecuteExW 7E6B2F03 5 Bytes JMP 10001E10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] SHELL32.dll!ShellExecuteEx 7E6F0E25 5 Bytes JMP 10001DF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] SHELL32.dll!ShellExecuteA 7E6F1150 5 Bytes JMP 10001DB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[484] SHELL32.dll!ShellExecuteW 7E765BF0 5 Bytes JMP 10001DD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 10004550 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 10008A60 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ntdll.dll!LdrGetProcedureAddress 7C9277B8 5 Bytes JMP 100019F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] SHELL32.dll!ShellExecuteExW 7E6B2F03 5 Bytes JMP 10001E10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] SHELL32.dll!ShellExecuteEx 7E6F0E25 5 Bytes JMP 10001DF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] SHELL32.dll!ShellExecuteA 7E6F1150 5 Bytes JMP 10001DB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[528] SHELL32.dll!ShellExecuteW 7E765BF0 5 Bytes JMP 10001DD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 10004550 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 10008A60 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ntdll.dll!LdrGetProcedureAddress 7C9277B8 5 Bytes JMP 100019F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] SHELL32.dll!ShellExecuteExW 7E6B2F03 5 Bytes JMP 10001E10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] SHELL32.dll!ShellExecuteEx 7E6F0E25 5 Bytes JMP 10001DF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] SHELL32.dll!ShellExecuteA 7E6F1150 5 Bytes JMP 10001DB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\svchost.exe[576] SHELL32.dll!ShellExecuteW 7E765BF0 5 Bytes JMP 10001DD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 10004550 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 10008A60 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ntdll.dll!LdrGetProcedureAddress 7C9277B8 5 Bytes JMP 100019F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] WININET.dll!InternetConnectA 441F4992 5 Bytes JMP 10001E30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] WININET.dll!InternetConnectW 441F5B8E 5 Bytes JMP 10001E50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] SHELL32.dll!ShellExecuteExW 7E6B2F03 5 Bytes JMP 10001E10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] SHELL32.dll!ShellExecuteEx 7E6F0E25 5 Bytes JMP 10001DF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] SHELL32.dll!ShellExecuteA 7E6F1150 5 Bytes JMP 10001DB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\Explorer.EXE[840] SHELL32.dll!ShellExecuteW 7E765BF0 5 Bytes JMP 10001DD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 10004550 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 10008A60 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ntdll.dll!LdrGetProcedureAddress 7C9277B8 5 Bytes JMP 100019F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] SHELL32.dll!ShellExecuteExW 7E6B2F03 5 Bytes JMP 10001E10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] SHELL32.dll!ShellExecuteEx 7E6F0E25 5 Bytes JMP 10001DF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] SHELL32.dll!ShellExecuteA 7E6F1150 5 Bytes JMP 10001DB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINXP\system32\ctfmon.exe[1364] SHELL32.dll!ShellExecuteW 7E765BF0 5 Bytes JMP 10001DD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 10004550 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!LdrUnloadDll 7C926C9B 5 Bytes JMP 10008A60 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ntdll.dll!LdrGetProcedureAddress 7C9277B8 5 Bytes JMP 100019F0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text F:\szdgfo1c.exe[1692] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ADVAPI32.dll!OpenServiceW 77DB6FFD 7 Bytes JMP 10001480 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ADVAPI32.dll!OpenServiceA 77DC4C66 7 Bytes JMP 10001640 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ADVAPI32.dll!CreateServiceA 77E07211 7 Bytes JMP 10001000 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ADVAPI32.dll!CreateServiceW 77E073A9 7 Bytes JMP 10001250 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008700 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] shell32.dll!ShellExecuteExW 7E6B2F03 5 Bytes JMP 10001E10 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] shell32.dll!ShellExecuteEx 7E6F0E25 5 Bytes JMP 10001DF0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] shell32.dll!ShellExecuteA 7E6F1150 5 Bytes JMP 10001DB0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\szdgfo1c.exe[1692] shell32.dll!ShellExecuteW 7E765BF0 5 Bytes JMP 10001DD0 C:\WINXP\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINXP\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8B3972D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507D4C] spla.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507DA0] spla.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spla.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spla.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spla.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spla.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spla.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8B1A12D8
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!swprintf] 001CB286
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\ayr3pq58.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[840] @ C:\WINXP\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B4061F8
Device \FileSystem\Fastfat \FatCdrom 8AFE31F8
Device \Driver\usbuhci \Device\USBPDO-0 8B25A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B3951F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B3951F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B3951F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B3951F8
Device \Driver\usbuhci \Device\USBPDO-1 8B25A1F8
Device \Driver\usbehci \Device\USBPDO-2 8B275500
Device \Driver\usbuhci \Device\USBPDO-3 8B25A1F8
Device \Driver\usbuhci \Device\USBPDO-4 8B25A1F8
Device \Driver\usbehci \Device\USBPDO-5 8B275500
Device \Driver\usbuhci \Device\USBPDO-6 8B25A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B4081F8
Device \Driver\usbuhci \Device\USBPDO-7 8B25A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B4081F8
Device \Driver\Cdrom \Device\CdRom0 8B261500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B4081F8
Device \Driver\Cdrom \Device\CdRom1 8B261500
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 [F7978B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [F7978B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort4 [F7978B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort5 [F7978B40] atapi.sys[unknown section]
Device \Driver\sptd \Device\2733792792 spla.sys
Device \Driver\PCI_PNP2792 \Device\0000004c spla.sys
Device \Driver\PCI_PNP2792 \Device\0000004c spla.sys
Device \Driver\usbuhci \Device\USBFDO-0 8B25A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8B25A1F8
Device \Driver\usbuhci \Device\USBFDO-2 8B25A1F8
Device \Driver\usbehci \Device\USBFDO-3 8B275500
Device \Driver\usbuhci \Device\USBFDO-4 8B25A1F8
Device \Driver\Ftdisk \Device\FtControl 8B4081F8
Device \Driver\USBSTOR \Device\0000007e 8B1A4348
Device \Driver\usbuhci \Device\USBFDO-5 8B25A1F8
Device \Driver\USBSTOR \Device\0000007f 8B1A4348
Device \Driver\usbuhci \Device\USBFDO-6 8B25A1F8
Device \Driver\usbehci \Device\USBFDO-7 8B275500
Device \Driver\ayr3pq58 \Device\Scsi\ayr3pq581Port7Path0Target0Lun0 8B1A3500
Device \Driver\ayr3pq58 \Device\Scsi\ayr3pq581 8B1A3500
Device \FileSystem\Fastfat \Fat 8AFE31F8
Device \FileSystem\Cdfs \Cdfs 8AFE21F8
Device \FileSystem\Cdfs \Cdfs B8763BCE

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x39 0x53 0xF6 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x29 0x47 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5E 0x16 0x84 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAF 0x2B 0xFE 0x23 ...

---- EOF - GMER 1.0.15 ----

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:23, on 08.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\ctfmon.exe
F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\WINXP\java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\WINXP\java\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\WINXP\java\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINXP\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINXP\system32\shdocvw.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BINGOOO - {CC1C0616-87D9-460B-98B2-F3B758C0E322} - D:\Programme\BINGOOO\BINGOOO.exe (file missing)
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINXP\system32\wbsys.dll C:\WINXP\system32\guard32.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\WINXP\java\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINXP\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINXP\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINXP\System32\TUProgSt.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - D:\Programme\USB Safely Remove\USBSRService.exe

--
End of file - 6691 bytes

Uninstall:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:23, on 08.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\ctfmon.exe
F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\WINXP\java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\WINXP\java\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\WINXP\java\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINXP\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINXP\system32\shdocvw.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BINGOOO - {CC1C0616-87D9-460B-98B2-F3B758C0E322} - D:\Programme\BINGOOO\BINGOOO.exe (file missing)
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINXP\system32\wbsys.dll C:\WINXP\system32\guard32.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\WINXP\java\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINXP\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINXP\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINXP\System32\TUProgSt.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - D:\Programme\USB Safely Remove\USBSRService.exe

--
End of file - 6691 bytes

Falls noch was fehlen sollte, bitte posten!

Danke nochmals...
capkom
Seitenanfang Seitenende
08.10.2009, 14:34
Member

Beiträge: 3716
#7 nutzt du von comodo den Virenscanner? Bitte deinstaliere in diesem fall entweder comodo oder avira. da du die suite von comodo nutzt, würde ich Avira deinstalieren und schauen, ob sich etwas tut.
Seitenanfang Seitenende
08.10.2009, 15:12
...neu hier

Themenstarter

Beiträge: 10
#8 Kann ich versuchen, ja ich nutze zzt noch beide. Kann ich das auch im abgesicherten Modus deinstallieren?
Seitenanfang Seitenende
08.10.2009, 15:25
Member

Beiträge: 3716
#9 Ja, kannst du.
Seitenanfang Seitenende
08.10.2009, 15:43
...neu hier

Themenstarter

Beiträge: 10
#10 Okay,
soweit ist jetzt wohl wieder alles in Ordnung, der cmdgent ist weg, nachdem ich die Comodo Suite deinstalliert hab. Meinst Du denn ich sollte nochmal alle Programme durchlaufen lassen und hier posten und reicht mir denn ein Programm wie Antivir zur Überwachung meines Rechners?
Kannst Du mir evtl eins empfehlen?

Trotzallem bedanke ich mich an dieser Stelle nochmal aufs Herzlichste für die schnelle Hilfe.
Auf die community dieses Boards ist doch immer wieder Verlass!

Gruß
Seitenanfang Seitenende
08.10.2009, 15:49
Member

Beiträge: 3716
#11 Ist das Comodo denn keine Kaufversion gewesen? Kenn mich bei dem programm, was die Versionen angeht nicht aus. aber sah sehr nach kaufversion aus. Da hätte ich an deiner Stelle eig lieber comodo drauf gelassen.
Wenn es nicht die Kaufversion war, würde ich folgendes machen:
comodo neu laden, diesmal aber antivirus und firewall abwählen, also nur comodo defense (proactive) zusätzlich zu Avira verwenden, dann bist du gut ausgestattet denke ich.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: