GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-12-06 20:52:06 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_HD161HJ rev.JF100-19 Running: 7ut0dwb9.exe; Driver: C:\DOCUME~1\z0r\USTAWI~1\Temp\uwnoyfow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xACC2B7E4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xACC2AD90] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xACC2B44A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xACC2C040] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xACC2DC20] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xACC2DF9E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xACC2A77C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xACC2B9D0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xACC2BBE8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xACC2A582] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xACC2C82A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xACC2CA80] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xACC2D652] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xACC2B058] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xACC2B626] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xACC2C030] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xACC2A1B0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xACC2B2F2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xACC2A3B4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xACC2CC8E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xACC2D0E2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xACC2CEA0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xACC2C5B2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xACC2BE54] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xACC2D93E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xACC2C30A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xACC2AFC2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xACC2B1DE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xACC2AB92] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xACC2A980] INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B9627541 INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B96275E7 INT 0x62 ? 8A702CB8 INT 0x74 ? 8A490CB8 INT 0x82 ? 8A702CB8 INT 0x84 ? 8A490CB8 INT 0x94 ? 8A490CB8 INT 0xB1 ? 8A493F00 INT 0xB4 ? 8A702CB8 INT 0xB4 ? 8A702CB8 INT 0xB4 ? 8A702CB8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2480 80501CD0 4 Bytes [E8, BB, C2, AC] .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9F83B2E] .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB94B9000, 0x16DB56, 0xE8000020] .text USBPORT.SYS!DllUnload B912A8AC 5 Bytes JMP 8A4901C8 .text azo13wkr.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 B90F7900 48 Bytes [BB, 66, 5E, 82, 1E, 9C, DF, ...] ? C:\WINDOWS\System32\Drivers\azo13wkr.SYS suspicious PE modification ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\SOUNDMAN.EXE[188] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[188] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[252] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ALCWZRD.EXE[256] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[264] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00780630 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[588] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[600] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[752] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[828] rpcss.dll!WhichService 76A64234 8 Bytes JMP EDF01001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[868] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[868] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[896] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1224] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1324] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1416] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1520] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1568] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1588] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1796] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2248] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 0136C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0159E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0159E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0159E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2936] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\z0r\Pulpit\Sprawdzanie\7ut0dwb9.exe[3332] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3388] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E8F232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\System32\Drivers\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\System32\Drivers\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E8E914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E8E856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E8F0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9D04750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9D04820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D047F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9D047B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9D047B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9D04820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9D04750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D047F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D047F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9D047B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9D04820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9D04750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9D047B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9D047F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9D04750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9D04820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9D04750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9D04820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9D047B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D047F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9D047B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9D04820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9D04750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9D047B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D047F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9D04750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9D04820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A7011E8 Device \FileSystem\Fastfat \FatCdrom 89CF7430 AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\PCI_PNP0738 \Device\00000040 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\PCI_PNP0738 \Device\00000040 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\usbuhci \Device\USBPDO-0 8A24F1E8 Device \Driver\usbuhci \Device\USBPDO-1 8A24F1E8 Device \Driver\usbuhci \Device\USBPDO-2 8A24F1E8 Device \Driver\usbuhci \Device\USBPDO-3 8A24F1E8 Device \Driver\usbehci \Device\USBPDO-4 8A238430 AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\Cdrom \Device\CdRom0 8A1AE1E8 Device \Driver\atapi \Device\Ide\IdePort0 [B9DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B9DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 89C10430 Device \Driver\NetBT \Device\NetbiosSmb 89C10430 Device \Driver\NetBT \Device\NetBT_Tcpip_{8847D6D6-EEBF-4042-8B89-AF409267E032} 89C10430 AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\usbuhci \Device\USBFDO-0 8A24F1E8 Device \Driver\usbuhci \Device\USBFDO-1 8A24F1E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89C2F430 Device \Driver\usbuhci \Device\USBFDO-2 8A24F1E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89C2F430 Device \Driver\usbuhci \Device\USBFDO-3 8A24F1E8 Device \Driver\usbehci \Device\USBFDO-4 8A238430 Device \Driver\NetBT \Device\NetBT_Tcpip_{09EDA689-F7E1-48FD-ABAE-2264364E8EAC} 89C10430 Device \Driver\azo13wkr \Device\Scsi\azo13wkr1Port4Path0Target0Lun0 8A4751E8 Device \Driver\azo13wkr \Device\Scsi\azo13wkr1 8A4751E8 Device \FileSystem\Fastfat \Fat 89CF7430 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 89D21430 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0xA7 0xC0 0x9A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x86 0x3B 0xB0 0xA1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x00 0xAB 0x2B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0xA7 0xC0 0x9A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x86 0x3B 0xB0 0xA1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x00 0xAB 0x2B ... ---- Files - GMER 1.0.15 ---- File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\23E1924F-17EB-4B9B-8029-B5EE74948E34.data 59350 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\23E1924F-17EB-4B9B-8029-B5EE74948E34.data.info 142 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\410913EB-3F2B-4864-8E23-E037A363806F.data 37 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\410913EB-3F2B-4864-8E23-E037A363806F.data.info 80 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\86931885-71E1-4E11-AC5A-17C1F5B5D35C.data 1807 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\86931885-71E1-4E11-AC5A-17C1F5B5D35C.data.info 308 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\979B1FA1-6DBC-43C7-A372-65FACA5F1CF4.data 1683456 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\979B1FA1-6DBC-43C7-A372-65FACA5F1CF4.data.info 252 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A065BB64-2EB2-4DE4-B738-24C0B801B1E1.data 2311280 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A065BB64-2EB2-4DE4-B738-24C0B801B1E1.data.info 310 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B94EA1F2-D5AF-45B0-953E-F40816E98D3E.data 97280 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B94EA1F2-D5AF-45B0-953E-F40816E98D3E.data.info 220 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes ---- EOF - GMER 1.0.15 ----