GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-09-03 21:59:57 Windows 5.1.2600 Dodatek Service Pack 2 Running: fedt1zhv.exe; Driver: C:\DOCUME~1\PANJAN~1\USTAWI~1\Temp\awaiykow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF7D85694] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF7D5D610] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF7D84C38] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF7D852FA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xF7D85EE8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xF7D84B14] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF7D87DE6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF7D881B6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF7D844FC] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF7D5DC10] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF7D85880] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xF7D85A74] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF7D842EC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xF7D8660A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xF7D86864] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF7D879DE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF7D84ED4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF7D854D6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xF7D85ED8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xF7D83F28] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF7D85184] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xF7D8411E] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF7D5D6D0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xF7D86A80] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xF7D86EFE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xF7D86CA0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF7D86422] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF7D87472] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xF7D87726] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF7D5D690] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF7D5D650] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xF7D85CB0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF7D87BD6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xF7D861AA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF7D84E6E] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF7D5D510] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF7D5D590] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF7D85070] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xF7D84912] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF7D846FC] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF7D5D750] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + F3 804E2DC4 4 Bytes CALL 93460627 .text ntoskrnl.exe!_abnormal_termination + 443 804E3114 12 Bytes [10, D5, D5, F7, 90, D5, D5, ...] {ADC CH, DL; AAD 0xf7; NOP ; AAD 0xd5; DIV DWORD [EAX+0x50]; FDIV ST, ST(7)} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 00D05D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00CFCEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D05DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00D05E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00D05E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 00D05D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 00D05C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 00D05D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 00D05D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00D05D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 00D05CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 00D05CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00D05DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 00D05C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00D034C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00CFCFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 00D05CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D05BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D05940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00D05BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D05C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D059A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D05DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D05E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00D05C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00D05980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 00D059E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 00D059C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D05B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 00D05A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 00D05A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 00D05A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00D05AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 00D05A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00D05B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 00D05BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 00D05B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00D05B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00D05AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 00D05A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 00D05AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 00D05B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00D05960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 00D05C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 00D06890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 00D065F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 00CFF730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 00CFFF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 00D06DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ADVAPI32.dll!CreateServiceW 77E27209 7 Bytes JMP 00D06B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 00D05840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 00D05860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 00D07420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00D058C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00D058E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00D05920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00D05900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 00D078A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[312] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 00D07660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1048] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 004F7CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ADVAPI32.dll!CreateServiceW 77E27209 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2396] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2764] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ADVAPI32.dll!CreateServiceW 77E27209 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3184] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ADVAPI32.dll!CreateServiceW 77E27209 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[3644] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] ADVAPI32.dll!CreateServiceW 77E27209 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] shell32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] shell32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] shell32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\panJankowski\Pulpit\fedt1zhv.exe[3696] shell32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ADVAPI32.dll!CreateServiceW 77E27209 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[3836] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F988C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F988C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F988C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F988C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F988C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F988C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F988C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F988C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F988C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F988C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F988C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F988C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F988C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F988C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F988C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F988C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F988C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F988C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F988C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F988C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F988C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F988C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F988C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F988C740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F988C780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F988C6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F988C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET) ---- EOF - GMER 1.0.15 ----