GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-23 22:19:52 Windows 5.1.2600 Dodatek Service Pack 2 Running: uwgb6j24.exe; Driver: C:\DOCUME~1\DOMOWY\USTAWI~1\Temp\pxtdapow.sys ---- System - GMER 1.0.15 ---- Code 8238A0E0 pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- PAGE Ntfs.sys F83B0E88 4 Bytes CALL 818E0371 .reloc C:\WINDOWS\system32\drivers\NDIS.sys section is executable [0x822B7200, 0x3262A, 0xE0000060] init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF8813A1E] .text cdrom.sys F3D44000 36 Bytes [5F, 5E, 5B, C9, C2, 08, 00, ...] .text cdrom.sys F3D44025 1 Byte [57] .text cdrom.sys F3D44025 135 Bytes [57, 8B, 79, 60, 89, 45, F8, ...] .text cdrom.sys F3D440AD 9 Bytes [00, 80, 75, 09, C7, 45, 10, ...] .text cdrom.sys F3D440B7 115 Bytes [C0, B0, 01, 33, FF, 84, C0, ...] .text ... .rsrc C:\WINDOWS\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xF416E814] .text aec.sys AEB9A000 23 Bytes JMP AEBD85AA \SystemRoot\system32\drivers\aec.sys .text aec.sys AEB9A018 51 Bytes [00, 8D, 96, D2, 1B, 3A, FF, ...] .text aec.sys AEB9A04C 15 Bytes [83, EC, FC, C1, D2, 14, 8A, ...] .text aec.sys AEB9A05C 32 Bytes [86, F0, C0, C0, 05, 9C, 0F, ...] .text aec.sys AEB9A07D 202 Bytes [9C, 50, 8D, 64, 24, 34, E9, ...] .text ... ? C:\WINDOWS\system32\drivers\aec.sys Urządzenie podłączone do komputera nie działa. 
---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0087000A .text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0088000A .text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0086000C .text C:\WINDOWS\System32\svchost.exe[1092] ole32.dll!CoCreateInstance 77516009 5 Bytes JMP 00B3000A .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!CallNextHookEx 77D3ED6E 5 Bytes JMP 0117DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!CreateWindowExW 77D41AD5 5 Bytes JMP 01184832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 010A9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxParamA 77D488E1 5 Bytes JMP 0129DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxIndirectParamW 77D52598 5 Bytes JMP 0129E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxIndirectA 77D5AEF1 5 Bytes JMP 0129DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text 
C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 0117DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 010E1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxExW 77D70559 5 Bytes JMP 0129DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxExA 77D7057D 5 Bytes JMP 0129DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxIndirectParamA 77D76CED 5 Bytes JMP 0129E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxIndirectW 77D860B7 5 Bytes JMP 0129DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1128] ole32.dll!CoCreateInstance 77516009 5 Bytes JMP 0118488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ? C:\WINDOWS\System32\svchost.exe[1132] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; ? C:\WINDOWS\System32\svchost.exe[1172] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; ? 
C:\WINDOWS\System32\svchost.exe[1184] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; .text C:\DOCUME~1\DOMOWY\USTAWI~1\Temp\explorer.exe[1532] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A .text C:\DOCUME~1\DOMOWY\USTAWI~1\Temp\explorer.exe[1532] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C8000A .text C:\DOCUME~1\DOMOWY\USTAWI~1\Temp\explorer.exe[1532] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C6000C .text C:\WINDOWS\explorer.exe[1540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A .text C:\WINDOWS\explorer.exe[1540] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A .text C:\WINDOWS\explorer.exe[1540] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C0000C .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] USER32.dll!CreateWindowExW 77D41AD5 5 Bytes JMP 01184832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 010A9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] USER32.dll!DialogBoxParamA 77D488E1 5 Bytes JMP 0129DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] USER32.dll!DialogBoxIndirectParamW 77D52598 5 Bytes JMP 0129E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] 
USER32.dll!MessageBoxIndirectA 77D5AEF1 5 Bytes JMP 0129DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] USER32.dll!MessageBoxExW 77D70559 5 Bytes JMP 0129DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] USER32.dll!MessageBoxExA 77D7057D 5 Bytes JMP 0129DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] USER32.dll!DialogBoxIndirectParamA 77D76CED 5 Bytes JMP 0129E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\program files\Internet Explorer\IEXPLORE.EXE[1564] USER32.dll!MessageBoxIndirectW 77D860B7 5 Bytes JMP 0129DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ? C:\WINDOWS\System32\svchost.exe[3652] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dllunknown module: urlmon.dll .text C:\WINDOWS\System32\svchost.exe[3652] USER32.dll!SetForegroundWindow 77D466A7 8 Bytes [B8, 01, 00, 00, 00, C2, 04, ...] {MOV EAX, 0x1; RET 0x4} ? C:\WINDOWS\System32\svchost.exe[3660] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dllunknown module: urlmon.dll .text C:\WINDOWS\System32\svchost.exe[3660] USER32.dll!SetForegroundWindow 77D466A7 8 Bytes [B8, 01, 00, 00, 00, C2, 04, ...] 
{MOV EAX, 0x1; RET 0x4} .text C:\WINDOWS\system32\wuauclt.exe[4004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0097000A .text C:\WINDOWS\system32\wuauclt.exe[4004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0098000A .text C:\WINDOWS\system32\wuauclt.exe[4004] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0096000C ---- Kernel IAT/EAT - GMER 1.0.15 ---- ---- User IAT/EAT - GMER 1.0.15 ----
[ADVAPI32.dll!SetServiceStatus] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 5D10C483 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01BAC3E8 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 0206B2E8 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 8EE8F075 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001B8 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 
4E8D0875 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043FB IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001F05 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 64E8C68B IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C2000207 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] FB9006C7 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 71E80043 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000023 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 30E95ECE IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 560001B9 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] DBE8F18B IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] F6FFFFFF IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 01082444 IAT C:\WINDOWS\System32\svchost.exe[1184] @ 
C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] E8560774 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 0001B9CC IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 560004C2 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 082474FF IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 86E8F18B IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] C7FFFFFF IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 43FB9C06 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 5EC68B00 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] C70004C2 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 43FB9C01 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] FFA4E900 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 8B56FFFF IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 9C06C7F1 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] E80043FB IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] FFFFFF96 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 082444F6 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 56077401 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 
01B987E8 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] C68B5900 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 0004C25E IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] EFB8046A IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] E8004399 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 7589F18B IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 087D8BF0 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] B858E857 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 65830001 IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] C78300FC IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 4E8D570C IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] E80043FB IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 00001E4D IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 83EC8B55 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 75001C7D IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 0C7D831E IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe 
[ADVAPI32.dll!SetSecurityDescriptorGroup] 6A1E7501 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 03E86800 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 016A0000 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] FF0471FF IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 43B2C015 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 18458B00 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 33002083 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 18C25DC0 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 0C7D8100 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000113 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 498BF175 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 20831845 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 40C03300 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 006ADBEB IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 437BF3B8 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 8124E800 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 758B0002 IAT C:\WINDOWS\System32\svchost.exe[3652] @ 
C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 2406C708 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 088B0A74 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 0851FF50 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 00246683 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] FFFC4D83 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 8514768B IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 560674F6 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 022FE8E8 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 818FE800 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 04C20002 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] F18B5600 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] FFB4E856 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 44F6FFFF IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 74010824 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] A5E85607 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 59000233 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] C25EC68B IAT C:\WINDOWS\System32\svchost.exe[3652] @ 
C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 408B0004 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 74C08514 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] B6E85006 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] C300022F IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 0824448B IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 33002083 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 0008C2C0 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 0018C280 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 0024C280 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 1024448B IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] B8002083 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 80004001 IAT 
C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 8B0010C2 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 83082444 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 02B80020 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] C2800040 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 01B80008 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] C2800040 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] C0330004 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0014C240 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 0824448B IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 880440C7 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 33088888 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 0008C2C0 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 18C2C033 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 330008C2 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 10C240C0 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 24448B00 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 0020830C IAT 
C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [004001B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 000CC280 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 51EC8B55 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00FC6583 IAT C:\WINDOWS\System32\svchost.exe[3652] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] FC458D56 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 83EC8B55 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 75001C7D IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 0C7D831E IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 6A1E7501 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 03E86800 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 016A0000 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] FF0471FF IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 43B2C015 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 18458B00 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 33002083 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe 
[ADVAPI32.dll!RegisterServiceCtrlHandlerW] 18C25DC0 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 0C7D8100 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000113 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 498BF175 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 20831845 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 40C03300 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 006ADBEB IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 437BF3B8 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 8124E800 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 758B0002 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 2406C708 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 088B0A74 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 0851FF50 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 00246683 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] FFFC4D83 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 8514768B IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 560674F6 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 
022FE8E8 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 818FE800 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 04C20002 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] F18B5600 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] FFB4E856 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 44F6FFFF IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 74010824 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] A5E85607 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 59000233 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] C25EC68B IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 408B0004 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 74C08514 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] B6E85006 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] C300022F IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 0824448B IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 33002083 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 0008C2C0 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe 
[KERNEL32.dll!DelayLoadFailureHook] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 0018C280 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 0024C280 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 1024448B IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] B8002083 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 80004001 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 8B0010C2 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 83082444 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 02B80020 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] C2800040 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 01B80008 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] C2800040 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] C0330004 IAT C:\WINDOWS\System32\svchost.exe[3660] @ 
C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0014C240 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 0824448B IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 880440C7 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 33088888 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 0008C2C0 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 18C2C033 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 330008C2 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 10C240C0 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 24448B00 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 0020830C IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [004001B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 000CC280 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 51EC8B55 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00FC6583 IAT C:\WINDOWS\System32\svchost.exe[3660] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] FC458D56 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8190A890 Device \Driver\NDIS \Device\Ndis [822BE982] NDIS.sys[.reloc] Device \Driver\Disk 
\GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 F872B11B
Device -> \Driver\nvidesm \Device\Harddisk0\DR0 81EFAEC5

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F4192000-F4198000 (24576 bytes)
Module (noname) (*** hidden *** ) F418A000-F4190000 (24576 bytes)
Module (noname) (*** hidden *** ) F4182000-F4188000 (24576 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:120] F41949D0
Thread System [4:124] F418C510
Thread System [4:128] F872BE8A

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\aec.sys (*** hidden *** ) [MANUAL] aec <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\aec@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec@ImagePath system32\drivers\aec.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec@DisplayName Microsoft Kernel Acoustic Echo Canceller
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 11483
Reg HKLM\SYSTEM\ControlSet002\Services\aec@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\aec@Start 3
Reg HKLM\SYSTEM\ControlSet002\Services\aec@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\Services\aec@ImagePath system32\drivers\aec.sys
Reg HKLM\SYSTEM\ControlSet002\Services\aec@DisplayName Microsoft Kernel Acoustic Echo Canceller
Reg HKLM\SYSTEM\ControlSet002\Services\aec\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\aec\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AF0DABFC901144EAA62C48C48821AF\Usage@UpgradeInformationFeature 1024918016
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0F96ECA58E3Abe44881CA048E1071008\Usage@TrayApp 1024927118
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C8ECBD949EFF8D4F90F83FED3B89CE9\Usage@AiOTrayAppPlugIn 1024919149
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\990BFB432B7059E46A3737266D80662A\Usage@UpgradeInformationFeature 1024919448
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CC0F0E2D0EB6b0940BB8297680E3439C\Usage@MarsInfc 1024918381
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD8F9B0A949Cde548980D75C0C1CC918\Usage@statusexe 1024941051
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD8F9B0A949Cde548980D75C0C1CC918\Usage@WSObjs 1024917953
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\iexplore@Count 3606
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore@Count 3057

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 05: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\DOMOWY\Ustawienia lokalne\Dane aplikacji\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C4DE43BD-AEF1-11DF-A770-000461589DC2}.dat 0 bytes
File C:\Documents and Settings\DOMOWY\Ustawienia lokalne\Dane aplikacji\Microsoft\Internet Explorer\Recovery\Active\{C4DE43BE-AEF1-11DF-A770-000461589DC2}.dat 0 bytes
File C:\Documents and Settings\DOMOWY\Ustawienia lokalne\temp\~DFC59E.tmp 0 bytes
File C:\Documents and Settings\DOMOWY\Ustawienia lokalne\temp\~DFF05F.tmp 0 bytes
File C:\Documents and Settings\DOMOWY\Ustawienia lokalne\Temporary Internet Files\Content.IE5\95HIOSJF\infobar_close[1] 0 bytes
File C:\Documents and Settings\DOMOWY\Ustawienia lokalne\Temporary Internet Files\Content.IE5\95HIOSJF\logo_glow_transparent[2] 0 bytes
File C:\Documents and Settings\DOMOWY\Ustawienia lokalne\Temporary Internet Files\Content.IE5\TPQ60LVS\infobar[2] 0 bytes
File C:\Documents and Settings\DOMOWY\Ustawienia lokalne\Temporary Internet Files\Content.IE5\TPQ60LVS\infobar_gradient[1] 0 bytes
File C:\Documents and Settings\DOMOWY\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ZD4AUW77\f[1].htm 0 bytes
File C:\Documents and Settings\DOMOWY\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ZD4AUW77\infobar_translate_auto_offer[1] 0 bytes
File C:\WINDOWS\system32\DRIVERS\mouclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\nvidesm.sys suspicious modification

---- EOF - GMER 1.0.15 ----