GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-09 17:38:52 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL23 Running: 5lwowd0j.exe; Driver: C:\DOCUME~1\JAINIK~1\USTAWI~1\Temp\uxtoapow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text mrxsmb.sys B9D0B000 406 Bytes [75, 14, FF, 75, 10, FF, 75, ...] .text mrxsmb.sys B9D0B197 26 Bytes [4D, 10, 3B, D1, 77, 46, 85, ...] .text mrxsmb.sys B9D0B1B2 464 Bytes [55, FC, 72, 02, 8B, D1, 8B, ...] .text mrxsmb.sys B9D0B383 62 Bytes [00, 0F, B6, 0E, 85, C9, 89, ...] .text mrxsmb.sys B9D0B3C2 87 Bytes [00, 00, C0, 81, FA, 00, 00, ...] .text ... ? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\wuauclt.exe[188] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\system32\wuauclt.exe[188] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\system32\wuauclt.exe[188] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\system32\wuauclt.exe[188] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\system32\wuauclt.exe[188] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\system32\wuauclt.exe[188] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\WINDOWS\TEMP\VRTB.tmp[216] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\TEMP\VRTB.tmp[216] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\TEMP\VRTB.tmp[216] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\TEMP\VRTB.tmp[216] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\TEMP\VRTB.tmp[216] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\TEMP\VRTB.tmp[216] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD ? C:\WINDOWS\system32\svchost.exe[244] image checksum mismatch; time/date stamp mismatch; unknown module: MAPI32.dllunknown module: DNSAPI.dll .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD ? C:\WINDOWS\system32\svchost.exe[252] image checksum mismatch; time/date stamp mismatch; unknown module: MAPI32.dllunknown module: DNSAPI.dll .text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD ? C:\WINDOWS\system32\svchost.exe[260] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD ? C:\WINDOWS\system32\svchost.exe[268] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll .text C:\WINDOWS\system32\svchost.exe[268] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\system32\svchost.exe[268] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\system32\svchost.exe[268] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\system32\svchost.exe[268] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\system32\svchost.exe[268] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\system32\svchost.exe[268] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FF964D0 .text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FF9655F .text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FF9656C .text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FF967F0 .text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FF96555 .text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FF965AD .text C:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FF964D0 .text C:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FF9655F .text C:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FF9656C .text C:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FF967F0 .text C:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FF96555 .text C:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FF965AD .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\Program Files\Mozilla Firefox\firefox.exe[868] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\Program Files\Mozilla Firefox\firefox.exe[868] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\Program Files\Mozilla Firefox\firefox.exe[868] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\Program Files\Mozilla Firefox\firefox.exe[868] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\Program Files\Mozilla Firefox\firefox.exe[868] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\Program Files\Mozilla Firefox\firefox.exe[868] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\Program Files\Mozilla Firefox\firefox.exe[868] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01210C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01447B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01447B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!ValidateLocale + B138 7C844930 7 Bytes JMP 01213FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[868] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01447AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[868] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A82F62 7 Bytes JMP 0280D320 .text C:\Program Files\Mozilla Firefox\firefox.exe[868] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A8B76A 7 Bytes JMP 0280D390 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 0040191C C:\Program Files\Internet Explorer\IEXPLORE.EXE (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] GDI32.dll!GetDeviceCaps 77F15A71 5 Bytes JMP 00401934 C:\Program Files\Internet Explorer\IEXPLORE.EXE (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] ADVAPI32.dll!CryptDecrypt 77DDA109 5 Bytes JMP 1000F6AF C:\WINDOWS\system32\2n.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] ADVAPI32.dll!CryptEncrypt 77DDE340 5 Bytes JMP 1000F6E6 C:\WINDOWS\system32\2n.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] ws2_32.dll!send 71A54C27 5 Bytes JMP 00401928 C:\Program Files\Internet Explorer\IEXPLORE.EXE (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A82F62 7 Bytes JMP 029CD320 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1032] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A8B76A 7 Bytes JMP 029CD390 .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\Documents and Settings\Ja i nikt inny\Moje dokumenty\Pobieranie\5lwowd0j.exe[1252] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\Documents and Settings\Ja i nikt inny\Moje dokumenty\Pobieranie\5lwowd0j.exe[1252] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\Documents and Settings\Ja i nikt inny\Moje dokumenty\Pobieranie\5lwowd0j.exe[1252] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\Documents and Settings\Ja i nikt inny\Moje dokumenty\Pobieranie\5lwowd0j.exe[1252] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\Documents and Settings\Ja i nikt inny\Moje dokumenty\Pobieranie\5lwowd0j.exe[1252] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\Documents and Settings\Ja i nikt inny\Moje dokumenty\Pobieranie\5lwowd0j.exe[1252] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\WINDOWS\TEMP\VRT3.tmp[1372] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\TEMP\VRT3.tmp[1372] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\TEMP\VRT3.tmp[1372] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\TEMP\VRT3.tmp[1372] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\TEMP\VRT3.tmp[1372] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\TEMP\VRT3.tmp[1372] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .reloc C:\WINDOWS\Explorer.EXE[1520] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0xA800, 0xE0000060] .reloc C:\WINDOWS\Explorer.EXE[1520] C:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x01105030] .text C:\WINDOWS\Explorer.EXE[1520] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\Explorer.EXE[1520] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\Explorer.EXE[1520] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\Explorer.EXE[1520] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\Explorer.EXE[1520] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\Explorer.EXE[1520] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1880] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1880] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1880] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1880] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1880] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1880] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1880] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 105CDF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1880] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 105CDEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1880] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10414536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1880] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 10414B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe[1896] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe[1896] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe[1896] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe[1896] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe[1896] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe[1896] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe[1896] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 004018E8 C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe ( ) .text C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe[1896] GDI32.dll!GetDeviceCaps 77F15A71 5 Bytes JMP 00401900 C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe ( ) .text C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe[1896] ws2_32.dll!send 71A54C27 5 Bytes JMP 004018F4 C:\Documents and Settings\Ja i nikt inny\Dane aplikacji\alitr3j.exe ( ) .text C:\WINDOWS\TEMP\VRTD.tmp[1904] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\TEMP\VRTD.tmp[1904] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\TEMP\VRTD.tmp[1904] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\TEMP\VRTD.tmp[1904] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\TEMP\VRTD.tmp[1904] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\TEMP\VRTD.tmp[1904] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2116] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2116] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2116] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2116] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2116] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2116] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2116] ADVAPI32.dll!CryptDecrypt 77DDA109 5 Bytes JMP 1000F6AF C:\WINDOWS\system32\2n.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2116] ADVAPI32.dll!CryptEncrypt 77DDE340 5 Bytes JMP 1000F6E6 C:\WINDOWS\system32\2n.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2116] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A82F62 7 Bytes JMP 008CD320 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2116] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A8B76A 7 Bytes JMP 008CD390 .text C:\WINDOWS\System32\svchost.exe[3688] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA64D0 .text C:\WINDOWS\System32\svchost.exe[3688] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA655F .text C:\WINDOWS\System32\svchost.exe[3688] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA656C .text C:\WINDOWS\System32\svchost.exe[3688] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA67F0 .text C:\WINDOWS\System32\svchost.exe[3688] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA6555 .text C:\WINDOWS\System32\svchost.exe[3688] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA65AD .text C:\WINDOWS\System32\svchost.exe[3688] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 0093000A .text C:\WINDOWS\System32\svchost.exe[3688] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0092000A .text C:\WINDOWS\System32\svchost.exe[3688] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 0091000A ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlFreeAnsiString] 8DC03300 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!ExUnregisterCallback] 0187384E IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!wcsspn] FF0875FF IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!MmQuerySystemSize] D2468415 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!ZwSetSecurityObject] 74F685B9 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!ExDeleteResourceLite] 8BD2320A IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!ExAllocatePoolWithQuotaTag] 4415FFCE IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!ZwQueryValueKey] 5EB9D244 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!ZwOpenKey] 5D5BC38B IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoSetDeviceInterfaceState] 900004C2 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlFindClearRuns] 90909090 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!KeRemoveEntryDeviceQueue] 8B55FF8B IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlCompareMemoryUlong] 48EC83EC IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlUnicodeStringToInteger] 0C758B56 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!strlen] 33126A57 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoFreeMdl] 7D8D59C0 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!RtlUnicodeToOemN] A1ABF3B8 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!KeReadStateEvent] [B9D27EB0] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!FsRtlFreeFileLock] 33B84589 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoSetShareAccess] 384E8DC0 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoAllocateErrorLogEntry] FF330187 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!KeQueryInterruptTime] 3D89C033 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoRegisterFileSystem] [B9D27E3C] \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 51EC8B55 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 830C458B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] D23302C0 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 000003B9 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] C1F1F700 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 558B02E0 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 01EA8314 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 0776C23B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 95E9C033 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 83000000 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 72030C7D IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 10458B2D IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 084D8B50 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 0086E851 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 458B0C55 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] 03C08308 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] 8B084589 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] C183104D IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] 104D8904 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 7D83CDEB IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5176000C IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] 0CC48300 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 500C458B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] 51084D8B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 52FC558D IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] 000D0FE8 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] 0CC48300 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] 5010458B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 51FC4D8D IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00002FE8 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] 08C48300 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C610558B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 833D0342 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 75010C7D IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 10458B07 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 3D0240C6 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] 83104D8B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 4D8904C1 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 10558B10 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] B80002C6 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] 00000001 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] C35DE58B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 83EC8B55 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 8B5608EC IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] B60F0845 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] C1F8558B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 558908E2 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] 08458BF8 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] 0148B60F IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] 89F84D03 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] 558BF84D IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 08E2C1F8 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 8BF85589 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] B60F0845 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 4D030248 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] F84D89F8 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] 00FC45C7 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] EB000000 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] FC558B09 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 8901C283 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] 7D83FC55 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] 377D04FC IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 25F8458B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 8000003F IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] 83480579 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 00000003 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 8BFC4D2B IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 358B0C55 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [0801C000] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] 8806048A IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 458B0A04 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] E28399F8 IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] C1C2033F IAT C:\WINDOWS\system32\svchost.exe[244] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 458906F8 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 244C8D51 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 1BC82B04 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 23D0F7C0 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 25C48BC8 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] FFFFF000 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 0A72C83B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 9459C18B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 0489008B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 002DC324 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 85000010 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] CCE9EB00 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] CCCCCCCC IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 7340F980 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 20F98015 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] D31FE180 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] C033C3E8 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] CCC3D233 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 7340F980 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] 20F98015 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] A50F0673 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] C3E0D3C2 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] CCC3D233 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 24448B53 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] 75C00B14 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 244C8B18 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] 24448B10 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] F7D2330C IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] 24448BF1 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 8BF1F708 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] EBD233C2 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] 8BC88B50 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 8B10245C IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B0C2454 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] D1082444 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] D1DBD1E9 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 0BD8D1EA IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] F7F475C9 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] F7C88BF3 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 91142464 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 102464F7 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] 0E72D103 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 0C24543B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 0E720877 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 0824443B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 442B0876 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 442B1424 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 541B0824 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] DAF70C24 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] DA83D8F7 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] 10C25B00 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] CCCCCC00 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] CCCCCCCC IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] CCCCCCCC IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 448B5653 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] C00B1824 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 4C8B1875 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] 448B1424 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] D2331024 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] D88BF1F7 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0C24448B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] D38BF1F7 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] C88B41EB IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 14245C8B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 1024548B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] 0C24448B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] D8D1EAD1 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] F475C90B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] F08BF3F7 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 182464F7 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] 448BC88B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] E6F71424 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 0E72D103 IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 1024543B IAT C:\WINDOWS\system32\svchost.exe[252] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 07720877 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 308025FF IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 25FF0430 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [04303094] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 307825FF IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 25FF0430 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [04303074] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 307C25FF IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 25FF0430 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [04303084] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 308825FF IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 25FF0430 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] [0430308C] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 309025FF IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] CCCC0430 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 45C714EC IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] 000000FC IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] 087D8300 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 83647400 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] 7E040C7D IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] F845C75E IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 00000000 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] 000000EC IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 8B09EB00 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] C183EC4D IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] EC4D8901 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] C10C558B IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] 553902EA IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] 8B1D73EC IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] AF0FF045 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] 4503EC45 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] 084D8BF0 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 89F84D03 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] F8558B01 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 8904C283 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] CFEBF855 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 0308458B IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] 4D8B0C45 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] FC4889F0 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 01FC45C7 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 8B000000 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] E58BFC45 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] CCCCC35D IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 83EC8B55 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 50B83CEC IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 66000000 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 30006804 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 00680000 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] 6A000004 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] 4815FF00 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] 89043030 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] 7D83FC45 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 840F00FC IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 0000018C IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] FFE445C7 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 6AFFFFFF IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 380D8BFF IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] 510430D2 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 302815FF IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 006A0430 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 026A026A IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] FFFEFBE8 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] E44589FF IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] FFE47D83 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 013D840F IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] 146A0000 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] F5E852CC IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 8300000C IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 00A10CC4 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 50043040 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] FFFEC7E8 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] E04589FF IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 00CB45C6 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00E07D83 IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 4D8B4C74 IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DCEFFC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DEC208] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DC797B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DC6C17] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DC7AAB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DC7842] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DCEAD7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000 IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F2684B] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F24BF2] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F15AD3] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000 IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1EF1C] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000 IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [7C838A0C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C812847] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C8099B5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812F16] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C92ABA5] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C90FE10] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809806] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C809C65] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812FBD] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [7C81127A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C802446] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C8097D0] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C809F91] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C81CB12] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C82FBD8] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C830D4C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C90FE01] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C821982] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [7C90FF0D] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [7C809F19] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C901000] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C9100A4] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C919B80] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C8104CC] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [7C802213] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C80AC7E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [7C80AE40] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C801D7B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [7C80B741] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C8017E9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C801D53] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C810BBC] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C8350BF] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C834D41] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[268] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C814F8A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) ---- Modules - GMER 1.0.15 ---- Module (noname) (*** hidden *** ) B9ED8000-B9EF4000 (114688 bytes) ---- Processes - GMER 1.0.15 ---- Process C:\WINDOWS\System32\svchost.exe (*** hidden *** ) 3688 ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\$NtUninstallKB38935$\2698393793 0 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\@ 2048 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\Desktop.ini 4608 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\L 0 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\L\00000004.@ 804 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\L\201d3dde 516 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\L\eyrmonon 455936 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\U 0 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\U\00000004.@ 2048 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\U\00000008.@ 232960 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\U\000000cb.@ 1632 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\U\80000000.@ 13312 bytes File C:\WINDOWS\$NtUninstallKB38935$\2698393793\U\80000032.@ 87040 bytes File C:\WINDOWS\$NtUninstallKB38935$\3901855375 0 bytes ---- EOF - GMER 1.0.15 ----