GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-25 20:45:13
Windows 5.1.2600 Dodatek Service Pack 3
Running: ogzzwdkh.exe; Driver: C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\kgpiqpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\AtapiDrv.sys ZwCreateFile [0xA7CB048F] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\AtapiDrv.sys ZwQueryDirectoryFile [0xA7CB05D5] <-- ROOTKIT !!!

Code 8A5AA0E0 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\pduhrrju.sys Urządzenie podłączone do komputera nie działa. !
PAGE Ntfs.sys F71A9E55 4 Bytes CALL 8A72C631
? dwshd.sys Nie można odnaleźć określonego pliku. !
.reloc C:\WINDOWS\system32\drivers\NDIS.sys section is executable [0x8A57D200, 0x3252A, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF1B7C000, 0x19D612, 0xE8000020]
.text AtapiDrv.sys A7CAF000 23 Bytes [55, 8B, EC, 51, 51, 83, 65, ...]
.text AtapiDrv.sys A7CAF018 62 Bytes [00, 00, 7C, 05, 6A, 02, 58, ...]
.text AtapiDrv.sys A7CAF057 8 Bytes [55, 8B, EC, 51, 51, 83, 65, ...]
.text AtapiDrv.sys A7CAF060 72 Bytes [8B, 45, 08, 03, 45, 0C, 0F, ...]
.text AtapiDrv.sys A7CAF0A9 65 Bytes [FF, 00, 00, C1, F9, 08, 03, ...]
.text ...
? C:\WINDOWS\system32\drivers\AtapiDrv.sys Wolumin pliku został zewnętrznie zmieniony w taki sposób, że otwarty plik nie jest już prawidłowy.
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA409F300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF082A300, 0x1B7E, 0xE8000020]
.text Beep.SYS A3683300 61 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text Beep.SYS A368333E 9 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text Beep.SYS A3683348 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text Beep.SYS A3683353 41 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text Beep.SYS A368337D 50 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[132] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0084000A
.text C:\WINDOWS\System32\svchost.exe[132] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0085000A
.text C:\WINDOWS\System32\svchost.exe[132] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0083000C
.text C:\WINDOWS\System32\svchost.exe[132] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 00EB000A
.text C:\WINDOWS\System32\svchost.exe[132] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00EA000A
.text C:\WINDOWS\Explorer.EXE[1852] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A7000A
.text C:\WINDOWS\Explorer.EXE[1852] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B5000A
.text C:\WINDOWS\Explorer.EXE[1852] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A6000C
.text C:\WINDOWS\system32\wuauclt.exe[2260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003E000A
.text C:\WINDOWS\system32\wuauclt.exe[2260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003F000A
.text C:\WINDOWS\system32\wuauclt.exe[2260] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003D000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\Beep.SYS[HAL.dll!ExReleaseFastMutex] 00000000
IAT \SystemRoot\System32\Drivers\Beep.SYS[HAL.dll!KfRaiseIrql] 00000000
IAT \SystemRoot\System32\Drivers\Beep.SYS[HAL.dll!KfLowerIrql] 00000000
IAT \SystemRoot\System32\Drivers\Beep.SYS[HAL.dll!HalMakeBeep] 00000000
IAT \SystemRoot\System32\Drivers\Beep.SYS[HAL.dll!ExAcquireFastMutex] 00000000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 01AF5484
IAT C:\WINDOWS\System32\svchost.exe[132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 01AF5736
IAT C:\WINDOWS\System32\svchost.exe[132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01AF5736
IAT
C:\WINDOWS\System32\svchost.exe[132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01AF5484 IAT C:\WINDOWS\System32\svchost.exe[132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01AF5736 IAT C:\WINDOWS\System32\svchost.exe[132] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 01AF51CB IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135117 IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001350B2 IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135080 IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[320] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[320] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[320] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135484 IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[320] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135484 IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[320] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[320] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB IAT C:\WINDOWS\system32\svchost.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB IAT C:\WINDOWS\system32\svchost.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117 IAT C:\WINDOWS\system32\svchost.exe[684] @ C:\WINDOWS\system32\kernel32.dll 
[ntdll.dll!LdrGetProcedureAddress] 004050B2 IAT C:\WINDOWS\system32\svchost.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080 IAT C:\WINDOWS\system32\svchost.exe[684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484 IAT C:\WINDOWS\system32\svchost.exe[684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736 IAT C:\WINDOWS\system32\svchost.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736 IAT C:\WINDOWS\system32\svchost.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484 IAT C:\WINDOWS\system32\svchost.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736 IAT C:\WINDOWS\system32\svchost.exe[684] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB IAT C:\Program Files\Java\jre6\bin\jqs.exe[708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB IAT C:\Program Files\Java\jre6\bin\jqs.exe[708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135117 IAT C:\Program Files\Java\jre6\bin\jqs.exe[708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001350B2 IAT C:\Program Files\Java\jre6\bin\jqs.exe[708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135080 IAT C:\Program Files\Java\jre6\bin\jqs.exe[708] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB IAT C:\Program Files\Java\jre6\bin\jqs.exe[708] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135484 IAT C:\Program Files\Java\jre6\bin\jqs.exe[708] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\Program Files\Java\jre6\bin\jqs.exe[708] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\Program Files\Java\jre6\bin\jqs.exe[708] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\Program Files\Java\jre6\bin\jqs.exe[708] @ 
C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135484 IAT C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\fFollower.exe[1080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB IAT C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\fFollower.exe[1080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135117 IAT C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\fFollower.exe[1080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001350B2 IAT C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\fFollower.exe[1080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135080 IAT C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\fFollower.exe[1080] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135484 IAT C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\fFollower.exe[1080] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\fFollower.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\fFollower.exe[1080] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\fFollower.exe[1080] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135484 IAT C:\DOCUME~1\MEBLEW~1\USTAWI~1\Temp\fFollower.exe[1080] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB IAT C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB IAT C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117 IAT C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2 IAT C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080 IAT C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1452] @ C:\WINDOWS\system32\ole32.dll 
[USER32.dll!GetClipboardData] 00405484 IAT C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736 IAT C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736 IAT C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1452] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00405736 IAT C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1452] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00405484 IAT C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1452] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 019951CB IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 019951CB IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01995117 IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 019950B2 IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 01995080 IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 01995484 IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 01995736 IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01995736 IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 019951CB IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01995736 IAT C:\WINDOWS\system32\services.exe[1528] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01995484 IAT 
C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B351CB IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B35117 IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B350B2 IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B35080 IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00B35117 IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00B351CB IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00B35117 IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00B350B2 IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00B35484 IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00B35736 IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00B35736 IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B35484 IAT C:\WINDOWS\system32\lsass.exe[1544] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00B35736 IAT C:\WINDOWS\system32\svchost.exe[1744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00835080 IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008451CB IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00845117 IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008450B2 IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\kernel32.dll 
[ntdll.dll!NtCreateThread] 00845080 IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00845484 IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00845736 IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00845736 IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00845484 IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00845736 IAT C:\WINDOWS\system32\svchost.exe[1828] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 008451CB IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 018D5736 IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 018D5484 IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 018D5736 IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 018D5736 IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 018D5736 IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 018D5484 IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 018D51CB IAT C:\WINDOWS\system32\PnkBstrA.exe[2204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB IAT C:\WINDOWS\system32\PnkBstrA.exe[2204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135117 IAT C:\WINDOWS\system32\PnkBstrA.exe[2204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001350B2 IAT C:\WINDOWS\system32\PnkBstrA.exe[2204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135080 IAT C:\WINDOWS\system32\PnkBstrA.exe[2204] @ 
C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB IAT C:\WINDOWS\system32\PnkBstrA.exe[2204] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\WINDOWS\system32\PnkBstrA.exe[2204] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135484 IAT C:\WINDOWS\system32\PnkBstrA.exe[2204] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\WINDOWS\system32\PnkBstrA.exe[2204] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135484 IAT C:\WINDOWS\system32\PnkBstrA.exe[2204] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135736 IAT C:\WINDOWS\system32\svchost.exe[2292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB IAT C:\WINDOWS\system32\svchost.exe[2292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117 IAT C:\WINDOWS\system32\svchost.exe[2292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2 IAT C:\WINDOWS\system32\svchost.exe[2292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080 IAT C:\WINDOWS\system32\svchost.exe[2292] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484 IAT C:\WINDOWS\system32\svchost.exe[2292] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736 IAT C:\WINDOWS\system32\svchost.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736 IAT C:\WINDOWS\system32\svchost.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484 IAT C:\WINDOWS\system32\svchost.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736 IAT C:\WINDOWS\system32\svchost.exe[2292] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A164] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE 
API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C809A99] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C8099BF] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C80DE85] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80997B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C80AE30] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C80CD38] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80AC6E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80BAF4] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C8305E6] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT 
C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C80AA26] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C81CAFA] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C817013] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C809F81] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80AC51] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80AC9F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8449FD] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C8211B5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C809832] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT 
C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80A4B7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C80932E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C8097B8] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C8099B0] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C863E6A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C809A1D] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80AA5C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C87EECD] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C90D8C0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ 
C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C90FF0D] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C90D5B0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C918112] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C912F40] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C9100A4] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C917988] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C918275] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C913698] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C918258] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C90CFD0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C9136C0] 
C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C91377F] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C92CEA5] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C934EB9] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C910319] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C90FE2A] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C9659AF] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C91314A] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A164] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C809A99] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C8099BF] 
C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C80DE85] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80997B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C80AE30] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C80CD38] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80AC6E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80BAF4] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C8305E6] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C80AA26] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C81CAFA] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL 
klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C817013] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C809F81] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80AC51] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80AC9F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8449FD] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C8211B5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C809832] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80A4B7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C80932E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C8097B8] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C8099B0] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C863E6A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C809A1D] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80AA5C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C87EECD] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C90D8C0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C90FF0D] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C90D5B0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C918112] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C912F40] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C9100A4] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C917988] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C918275] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C913698] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C918258] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C90CFD0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C9136C0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C91377F] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C92CEA5] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C934EB9] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C910319] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C90FE2A] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C9659AF] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2360] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C91314A] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A164] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C809A99] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C8099BF] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C80DE85] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80997B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C80AE30] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C80CD38] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80AC6E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80BAF4] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C8305E6] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C80AA26] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C81CAFA] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C817013] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C809F81] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80AC51] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80AC9F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8449FD] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C8211B5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C809832] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80A4B7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C80932E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C8097B8] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C8099B0] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C863E6A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C809A1D] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80AA5C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C87EECD] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C90D8C0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C90FF0D] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C90D5B0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C918112] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C912F40] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C9100A4] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C917988] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C918275] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C913698] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C918258] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C90CFD0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C9136C0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C91377F] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C92CEA5] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C934EB9] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C910319] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C90FE2A] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C9659AF] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2444] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C91314A] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\wdfmgr.exe[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\wdfmgr.exe[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\system32\wdfmgr.exe[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\system32\wdfmgr.exe[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\system32\wdfmgr.exe[2476] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\wdfmgr.exe[2476] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\wdfmgr.exe[2476] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\wdfmgr.exe[2476] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\wdfmgr.exe[2476] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\wdfmgr.exe[2476] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135117
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001350B2
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135080
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[2580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135736
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[2580] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135736
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[2580] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135484
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[2580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135484
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[2580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135736
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[2580] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3348] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3348] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3348] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\System32\alg.exe[3752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\System32\alg.exe[3752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\System32\alg.exe[3752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\System32\alg.exe[3752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\System32\alg.exe[3752] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\System32\alg.exe[3752] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\System32\alg.exe[3752] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\System32\alg.exe[3752] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\System32\alg.exe[3752] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\System32\alg.exe[3752] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6D25E0
AttachedDevice \FileSystem\Ntfs \Ntfs InCDRec.sys (InCD File System Recognizer/Nero AG)
Device \Driver\NDIS \Device\Ndis [8A584984] NDIS.sys[.reloc]
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A5CEEC5

---- Threads - GMER 1.0.15 ----

Thread rundll32.exe [2012:1328] 00A75008
Thread rundll32.exe [2012:3060] 00AA5008
Thread rundll32.exe [2012:2936] 00AF5008
Thread svchost.exe [2348:3732] 00095008
Thread svchost.exe [2360:2344] 00095008
Thread svchost.exe [2444:3144] 00095008

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] pduhrrju <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\pduhrrju@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\pduhrrju@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\pduhrrju@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\pduhrrju@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPService\Parameters@ServiceDll c:\documents and settings\all users\dane aplikacji\19547504\sp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE8 0x63 0x1B 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC4 0xE4 0x05 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x58 0x4A 0x52 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0x20 0xDE 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\pduhrrju@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\pduhrrju@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\pduhrrju@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\pduhrrju@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE8 0x63 0x1B 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC4 0xE4 0x05 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x58 0x4A 0x52 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0x20 0xDE 0x37 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@byyyxxsys rundll32.exe "yaawww.dll",s

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----