GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-23 21:58:58
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HD322HJ rev.1AC01110
Running: gmer.exe; Driver: C:\DOCUME~1\Krzychu\USTAWI~1\Temp\kxtdypog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6825380, 0x8D6CD5, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB1E4D300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB34DD300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\svchost.exe[276] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
? C:\WINDOWS\system32\svchost.exe[1348] image checksum mismatch; time/date stamp mismatch; unknown module: MAPI32.dllunknown module: DNSAPI.dll
.text C:\Documents and Settings\Krzychu\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00FBC464 C:\Documents and Settings\Krzychu\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.)
.text C:\Documents and Settings\Krzychu\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1696] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 017AE936 C:\Documents and Settings\Krzychu\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.)
.text C:\Documents and Settings\Krzychu\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1696] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 017AE97C C:\Documents and Settings\Krzychu\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.)
.text C:\Documents and Settings\Krzychu\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1696] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 017AE9A3 C:\Documents and Settings\Krzychu\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0149A650 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2036] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 016D7E1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2036] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 016D7DF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2036] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 0149EDB3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2036] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 016D7D78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DCF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DEC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DC798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DC6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DC7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DC7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DCEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F26C80] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F24DF2] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F15B12] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1EF1C] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [7C838A3C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C812847] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C8099B5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812F16] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C92AA79] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C90FE30] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809806] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C809C65] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812FBD] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [7C81127A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C802446] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C8097D0] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C809F91] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C81CB12] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C82FC08] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C821982] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [7C809F19] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C901000] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C918477] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C8104CC] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [7C802213] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C80AC7E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [7C80AE40] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C801D7B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [7C80B741] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C8017E9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C801D53] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C810BBC] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C8350EF] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[276] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C814F8A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 51EC8B55
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 830C458B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] D23302C0
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 000003B9
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] C1F1F700
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 558B02E0
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 01EA8314
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 0776C23B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 95E9C033
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 83000000
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 72030C7D
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 10458B2D
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 084D8B50
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 0086E851
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 458B0C55
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] 03C08308
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] 8B084589
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] C183104D
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] 104D8904
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 7D83CDEB
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5176000C
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] 0CC48300
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 500C458B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] 51084D8B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 52FC558D
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] 000D0FE8
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] 0CC48300
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] 5010458B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 51FC4D8D
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00002FE8
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] 08C48300
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C610558B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 833D0342
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 75010C7D
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 10458B07
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 3D0240C6
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] 83104D8B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 4D8904C1
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 10558B10
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] B80002C6
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] 00000001
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] C35DE58B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 83EC8B55
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 8B5608EC
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] B60F0845
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] C1F8558B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 558908E2
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] 08458BF8
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] 0148B60F
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] 89F84D03
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] 558BF84D
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 08E2C1F8
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 8BF85589
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] B60F0845
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 4D030248
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] F84D89F8
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] 00FC45C7
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] EB000000
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] FC558B09
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 8901C283
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] 7D83FC55
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] 377D04FC
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 25F8458B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 8000003F
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] 83480579
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 00000003
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 8BFC4D2B
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 358B0C55
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [0801C000] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] 8806048A
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 458B0A04
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] E28399F8
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] C1C2033F
IAT C:\WINDOWS\system32\svchost.exe[1348] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 458906F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8F 0x0E 0x77 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x64 0x6B 0xF4 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0x66 0xB8 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA9 0xC8 0xEE 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x45 0x9D 0xF9 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5D 0x48 0x74 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDE 0x28 0xDC 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8F 0x0E 0x77 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x64 0x6B 0xF4 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0x66 0xB8 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA9 0xC8 0xEE 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x45 0x9D 0xF9 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5D 0x48 0x74 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDE 0x28 0xDC 0xD3 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B81FAA57-3D73-17F4-8AF3-10FC54533DC0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B81FAA57-3D73-17F4-8AF3-10FC54533DC0}@hacadpingcihebig 0x61 0x61 0x00 0xFF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B81FAA57-3D73-17F4-8AF3-10FC54533DC0}@jacadpingcihebigbfio 0x63 0x61 0x64 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B81FAA57-3D73-17F4-8AF3-10FC54533DC0}@pakaejmlphmlaocchpolibaangommnag 0x64 0x61 0x68 0x63 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Krzychu\Ustawienia lokalne\Temporary Internet Files\Content.IE5\RLDLL5X7\south_net[6].txt 14767 bytes