GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-10 19:43:22 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 SAMSUNG_ rev.2AC1 Running: 8nsqdcm1.exe; Driver: C:\Users\Ewelina\AppData\Local\Temp\pxrdypoc.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x9335D738] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x9335D74C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x9335D762] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x9335D79E] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x9335D710] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x9335D724] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x9335D7C6] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x9335D7B2] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x9335D78A] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x9335D776] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x9335D6FC] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) 
NtSetInformationProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8343A8A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8345A2F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} PAGE ntoskrnl.exe!NtSetInformationProcess 8360BDD9 5 Bytes JMP 9335D77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtOpenProcess 8361D9B3 5 Bytes JMP 9335D714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwTerminateProcess 8361DE3F 5 Bytes JMP 9335D700 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwCreateUserProcess 83628731 5 Bytes JMP 9335D766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwNotifyChangeKey 8365EF8E 5 Bytes JMP 9335D7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtOpenThread 836733DD 5 Bytes JMP 9335D728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwRestoreKey 8368B982 5 Bytes JMP 9335D7B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwReplaceKey 836972E0 5 Bytes JMP 9335D7CA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwCreateProcess 836D6BF1 5 Bytes JMP 9335D73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwCreateProcessEx 836D6C3C 7 Bytes JMP 9335D750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) 
PAGE ntoskrnl.exe!ZwSetContextThread 836D7AFF 5 Bytes JMP 9335D78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A4D50000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A4D50123 629 Bytes [B5, D4, A4, FE, 05, 34, B5, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 A4D50399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F A4D503FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B A4D504AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\AnyPC Client\APLangApp.exe[328] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 002124A0 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 00212740 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 0021C9DA .text C:\Program Files\AnyPC Client\APLangApp.exe[328] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 0021C896 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 002110A0 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 00212400 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 00211400 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 002111C0 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 00211000 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 002123A0 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 00212B90 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes 
JMP 00212D30 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 00211F50 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 002121B0 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 00211CF0 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 00211B60 .text C:\Program Files\AnyPC Client\APLangApp.exe[328] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 00212E90 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 016324A0 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 01632740 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 0163C9DA .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 0163C896 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 016310A0 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 01632400 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 01631400 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 016311C0 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 01631000 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 016323A0 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 01632B90 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 01632D30 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] 
WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 01631F50 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 016321B0 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 01631CF0 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 01631B60 .text C:\Program Files\McAfee.com\Agent\mcagent.exe[340] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 01632E90 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 012724A0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 01272740 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 0127C9DA .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 0127C896 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 012710A0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 01272400 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 01271400 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 012711C0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 01271000 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 012723A0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] ADVAPI32.dll!RegCreateKeyExA 
75821B71 5 Bytes JMP 01272B90 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 01272D30 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 01271F50 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 012721B0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 01271CF0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 01271B60 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[444] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 01272E90 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 003824A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 00382740 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 0038C9DA .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 0038C896 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 003810A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 00382400 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 00381400 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 003811C0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 00381000 .text 
C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 003823A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 00382B90 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 00382D30 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 00381F50 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 003821B0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 00381CF0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 00381B60 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[464] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 00382E90 .text C:\Program Files\Winamp\winampa.exe[472] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 003824A0 .text C:\Program Files\Winamp\winampa.exe[472] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 00382740 .text C:\Program Files\Winamp\winampa.exe[472] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 0038C9DA .text C:\Program Files\Winamp\winampa.exe[472] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 0038C896 .text C:\Program Files\Winamp\winampa.exe[472] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 003810A0 .text C:\Program Files\Winamp\winampa.exe[472] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 00382400 .text C:\Program Files\Winamp\winampa.exe[472] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 00381400 .text C:\Program Files\Winamp\winampa.exe[472] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 003811C0 .text C:\Program Files\Winamp\winampa.exe[472] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 00381000 .text C:\Program Files\Winamp\winampa.exe[472] kernel32.dll!MoveFileA 
76C9AD89 5 Bytes JMP 003823A0 .text C:\Program Files\Winamp\winampa.exe[472] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 00382B90 .text C:\Program Files\Winamp\winampa.exe[472] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 00382D30 .text C:\Program Files\Winamp\winampa.exe[472] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 00381F50 .text C:\Program Files\Winamp\winampa.exe[472] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 003821B0 .text C:\Program Files\Winamp\winampa.exe[472] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 00381CF0 .text C:\Program Files\Winamp\winampa.exe[472] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 00381B60 .text C:\Program Files\Winamp\winampa.exe[472] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 00382E90 ? C:\windows\system32\svchost.exe[1044] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; .text C:\windows\system32\svchost.exe[1044] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 018124A0 .text C:\windows\system32\svchost.exe[1044] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 01812740 .text C:\windows\system32\svchost.exe[1044] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 0181C9DA .text C:\windows\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 0181C896 .text C:\windows\system32\svchost.exe[1044] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 018110A0 .text C:\windows\system32\svchost.exe[1044] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 01812400 .text C:\windows\system32\svchost.exe[1044] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 01811400 .text C:\windows\system32\svchost.exe[1044] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 018111C0 .text C:\windows\system32\svchost.exe[1044] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 01811000 .text C:\windows\system32\svchost.exe[1044] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 018123A0 .text C:\windows\system32\svchost.exe[1044] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 01811B60 .text 
C:\windows\system32\svchost.exe[1044] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 01812E90 .text C:\windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 01812B90 .text C:\windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 01812D30 .text C:\windows\system32\svchost.exe[1044] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 01811F50 .text C:\windows\system32\svchost.exe[1044] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 018121B0 .text C:\windows\system32\svchost.exe[1044] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 01811CF0 .text C:\windows\system32\svchost.exe[1080] ntdll.dll!NtProtectVirtualMemory 76E751C0 5 Bytes JMP 009C000A .text C:\windows\system32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory 76E75D40 5 Bytes JMP 009D000A .text C:\windows\system32\svchost.exe[1080] ntdll.dll!KiUserExceptionDispatcher 76E76298 5 Bytes JMP 0096000A .text C:\windows\system32\svchost.exe[1080] ole32.dll!CoCreateInstance 7687590C 5 Bytes JMP 00A1000A .text C:\windows\system32\svchost.exe[1080] USER32.dll!GetCursorPos 755AC198 5 Bytes JMP 00EC000A .text C:\windows\system32\svchost.exe[1080] USER32.dll!GetForegroundWindow 755B565D 5 Bytes JMP 00EE000A .text C:\windows\system32\svchost.exe[1080] USER32.dll!WindowFromPoint 755D6D0C 5 Bytes JMP 00ED000A .text C:\windows\system32\Dwm.exe[1500] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 01D024A0 .text C:\windows\system32\Dwm.exe[1500] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 01D02740 .text C:\windows\system32\Dwm.exe[1500] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 01D0C9DA .text C:\windows\system32\Dwm.exe[1500] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 01D0C896 .text C:\windows\system32\Dwm.exe[1500] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 01D010A0 .text C:\windows\system32\Dwm.exe[1500] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 01D02400 .text C:\windows\system32\Dwm.exe[1500] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 01D01400 
.text C:\windows\system32\Dwm.exe[1500] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 01D011C0 .text C:\windows\system32\Dwm.exe[1500] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 01D01000 .text C:\windows\system32\Dwm.exe[1500] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 01D023A0 .text C:\windows\system32\Dwm.exe[1500] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 01D02B90 .text C:\windows\system32\Dwm.exe[1500] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 01D02D30 .text C:\windows\system32\Dwm.exe[1500] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 01D01F50 .text C:\windows\system32\Dwm.exe[1500] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 01D021B0 .text C:\windows\system32\Dwm.exe[1500] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 01D01CF0 .text C:\windows\system32\Dwm.exe[1500] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 01D01B60 .text C:\windows\system32\Dwm.exe[1500] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 01D02E90 .text C:\windows\Explorer.EXE[1552] ntdll.dll!NtProtectVirtualMemory 76E751C0 5 Bytes JMP 01BA000A .text C:\windows\Explorer.EXE[1552] ntdll.dll!NtWriteVirtualMemory 76E75D40 5 Bytes JMP 01BB000A .text C:\windows\Explorer.EXE[1552] ntdll.dll!KiUserExceptionDispatcher 76E76298 5 Bytes JMP 01A7000A .text C:\windows\Explorer.EXE[1552] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 046A2B90 .text C:\windows\Explorer.EXE[1552] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 046A2D30 .text C:\windows\system32\taskhost.exe[1740] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 009824A0 .text C:\windows\system32\taskhost.exe[1740] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 00982740 .text C:\windows\system32\taskhost.exe[1740] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 0098C9DA .text C:\windows\system32\taskhost.exe[1740] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 0098C896 .text C:\windows\system32\taskhost.exe[1740] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 009810A0 .text C:\windows\system32\taskhost.exe[1740] 
kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 00982400 .text C:\windows\system32\taskhost.exe[1740] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 00981400 .text C:\windows\system32\taskhost.exe[1740] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 009811C0 .text C:\windows\system32\taskhost.exe[1740] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 00981000 .text C:\windows\system32\taskhost.exe[1740] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 009823A0 .text C:\windows\system32\taskhost.exe[1740] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 00982B90 .text C:\windows\system32\taskhost.exe[1740] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 00982D30 .text C:\windows\system32\taskhost.exe[1740] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 00981F50 .text C:\windows\system32\taskhost.exe[1740] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 009821B0 .text C:\windows\system32\taskhost.exe[1740] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 00981CF0 .text C:\windows\system32\taskhost.exe[1740] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 00981B60 .text C:\windows\system32\taskhost.exe[1740] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 00982E90 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 01B924A0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 01B92740 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 01B9C9DA .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 01B9C896 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 01B910A0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 01B92400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 01B91400 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[1868] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 01B911C0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 01B91000 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 01B923A0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 01B92B90 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 01B92D30 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 01B91F50 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 01B921B0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 01B91CF0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 01B91B60 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 01B92E90 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 014524A0 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 01452740 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 0145C9DA .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 0145C896 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 014510A0 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 01452400 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 01451400 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] 
kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 014511C0 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 01451000 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 014523A0 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 01452B90 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 01452D30 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 01451F50 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 014521B0 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 01451CF0 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 01451B60 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[1908] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 01452E90 .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[42900] kernel32.dll!LoadLibraryA 76C62884 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[42900] kernel32.dll!LoadLibraryW 76C628D2 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) 
.text C:\windows\system32\SearchProtocolHost.exe[526400] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 001424A0 .text C:\windows\system32\SearchProtocolHost.exe[526400] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 00142740 .text C:\windows\system32\SearchProtocolHost.exe[526400] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 0014C9DA .text C:\windows\system32\SearchProtocolHost.exe[526400] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 0014C896 .text C:\windows\system32\SearchProtocolHost.exe[526400] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 001410A0 .text C:\windows\system32\SearchProtocolHost.exe[526400] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 00142400 .text C:\windows\system32\SearchProtocolHost.exe[526400] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 00141400 .text C:\windows\system32\SearchProtocolHost.exe[526400] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 001411C0 .text C:\windows\system32\SearchProtocolHost.exe[526400] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 00141000 .text C:\windows\system32\SearchProtocolHost.exe[526400] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 001423A0 .text C:\windows\system32\SearchProtocolHost.exe[526400] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 00142B90 .text C:\windows\system32\SearchProtocolHost.exe[526400] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 00142D30 .text C:\windows\system32\SearchProtocolHost.exe[526400] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 00141F50 .text C:\windows\system32\SearchProtocolHost.exe[526400] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 001421B0 .text C:\windows\system32\SearchProtocolHost.exe[526400] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 00141CF0 .text C:\windows\system32\SearchProtocolHost.exe[526400] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 00141B60 .text C:\windows\system32\SearchProtocolHost.exe[526400] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 00142E90 ? 
C:\windows\System32\svchost.exe[1021544] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll .text C:\windows\System32\svchost.exe[1021544] ntdll.dll!NtEnumerateValueKey 76E74BC0 5 Bytes JMP 000724A0 .text C:\windows\System32\svchost.exe[1021544] ntdll.dll!NtQueryDirectoryFile 76E75240 5 Bytes JMP 00072740 .text C:\windows\System32\svchost.exe[1021544] ntdll.dll!NtResumeThread 76E75750 5 Bytes JMP 0007C9DA .text C:\windows\System32\svchost.exe[1021544] ntdll.dll!LdrLoadDll 76E8F5B5 5 Bytes JMP 0007C896 .text C:\windows\System32\svchost.exe[1021544] kernel32.dll!CopyFileW 76C48C8F 5 Bytes JMP 000710A0 .text C:\windows\System32\svchost.exe[1021544] kernel32.dll!MoveFileW 76C4A173 5 Bytes JMP 00072400 .text C:\windows\System32\svchost.exe[1021544] kernel32.dll!CreateFileW 76C60B7D 5 Bytes JMP 00071400 .text C:\windows\System32\svchost.exe[1021544] kernel32.dll!CreateFileA 76C6291C 5 Bytes JMP 000711C0 .text C:\windows\System32\svchost.exe[1021544] kernel32.dll!CopyFileA 76C77D1C 5 Bytes JMP 00071000 .text C:\windows\System32\svchost.exe[1021544] kernel32.dll!MoveFileA 76C9AD89 5 Bytes JMP 000723A0 .text C:\windows\System32\svchost.exe[1021544] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 00072B90 .text C:\windows\System32\svchost.exe[1021544] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 00072D30 .text C:\windows\System32\svchost.exe[1021544] WS2_32.dll!GetAddrInfoW 76A460F5 5 Bytes JMP 00071B60 .text C:\windows\System32\svchost.exe[1021544] WS2_32.dll!send 76A4C4C8 5 Bytes JMP 00072E90 .text C:\windows\System32\svchost.exe[1021544] WININET.dll!HttpSendRequestW 76AFEEB3 5 Bytes JMP 00071F50 .text C:\windows\System32\svchost.exe[1021544] WININET.dll!InternetWriteFile 76B190F0 5 Bytes JMP 000721B0 .text C:\windows\System32\svchost.exe[1021544] WININET.dll!HttpSendRequestA 76B705BC 5 Bytes JMP 00071CF0 .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] 
ntdll.dll!NtProtectVirtualMemory 76E751C0 5 Bytes JMP 00D5000A .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] ntdll.dll!NtWriteVirtualMemory 76E75D40 5 Bytes JMP 00D6000A .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] ntdll.dll!KiUserExceptionDispatcher 76E76298 5 Bytes JMP 00D4000A .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 00052B90 .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 00052D30 .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!CreateDialogParamW 755A9BFF 5 Bytes JMP 6CA5C5A8 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!EnableWindow 755AA72E 5 Bytes JMP 6CA5C523 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!GetAsyncKeyState 755AC09A 5 Bytes JMP 6CA1D6E9 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!UnhookWindowsHookEx 755ACC7B 5 Bytes JMP 6CB183A2 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!CallNextHookEx 755ACC8F 5 Bytes JMP 6CAF9D94 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!CreateWindowExW 755B0E51 5 Bytes JMP 6CB08197 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!SetWindowsHookExW 755B210A 5 Bytes JMP 6CAB463B C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program 
Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!GetKeyState 755B4FDA 5 Bytes JMP 6CA5D79A C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!IsDialogMessageW 755B6F06 5 Bytes JMP 6CA24284 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!CreateDialogParamA 755C3E79 5 Bytes JMP 6CC30ACE C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!IsDialogMessage 755C407A 5 Bytes JMP 6CC3036F C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!CreateDialogIndirectParamA 755C9110 5 Bytes JMP 6CC30B05 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!CreateDialogIndirectParamW 755D08AD 5 Bytes JMP 6CC30B3C C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!DialogBoxIndirectParamW 755D4AA7 5 Bytes JMP 6CC2FED8 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!EndDialog 755D555C 5 Bytes JMP 6CA25AE9 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!DialogBoxParamW 755D564A 5 Bytes JMP 6CA24BA7 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!SetKeyboardState 755D6B52 5 Bytes JMP 6CC306D4 C:\windows\system32\IEFRAME.dll (Przeglądarka 
internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!SendInput 755D7055 5 Bytes JMP 6CC31298 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!SetCursorPos 755EC1D8 5 Bytes JMP 6CC312F0 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!DialogBoxParamA 755ECF6A 5 Bytes JMP 6CC2FE75 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!DialogBoxIndirectParamA 755ED29C 5 Bytes JMP 6CC2FF3B C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!MessageBoxIndirectA 755FE8C9 5 Bytes JMP 6CC2FE0A C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!MessageBoxIndirectW 755FE9C3 5 Bytes JMP 6CC2FD9F C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!MessageBoxExA 755FEA29 5 Bytes JMP 6CC2FD3D C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!MessageBoxExW 755FEA4D 5 Bytes JMP 6CC2FCDB C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] USER32.dll!keybd_event 755FEC9B 5 Bytes JMP 6CC31623 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] SHELL32.dll!SHChangeNotification_Lock + 45BA 7594B440 4 Bytes [11, 36, AB, 6F] {ADC [ESI], 
ESI; STOSD ; OUTSD } .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] SHELL32.dll!SHChangeNotification_Lock + 45C2 7594B448 8 Bytes [5F, 35, AB, 6F, D0, 73, AA, ...] {POP EDI; XOR EAX, 0x73d06fab; STOSB ; OUTSD } .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] ole32.dll!OleLoadFromStream 76825BF6 5 Bytes JMP 6CC3022B C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1021960] ole32.dll!CoCreateInstance 7687590C 5 Bytes JMP 6CB08C85 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] ntdll.dll!NtProtectVirtualMemory 76E751C0 5 Bytes JMP 004C000A .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] ntdll.dll!NtWriteVirtualMemory 76E75D40 5 Bytes JMP 004D000A .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] ntdll.dll!KiUserExceptionDispatcher 76E76298 5 Bytes JMP 004B000A .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] ADVAPI32.dll!RegCreateKeyExA 75821B71 5 Bytes JMP 00052B90 .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] ADVAPI32.dll!RegCreateKeyExW 7582B946 5 Bytes JMP 00052D30 .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] USER32.dll!CreateWindowExW 755B0E51 5 Bytes JMP 6CB08197 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] USER32.dll!DialogBoxIndirectParamW 755D4AA7 5 Bytes JMP 6CC2FED8 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] USER32.dll!DialogBoxParamW 755D564A 5 Bytes JMP 6CA24BA7 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] USER32.dll!DialogBoxParamA 755ECF6A 5 Bytes JMP 6CC2FE75 
C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] USER32.dll!DialogBoxIndirectParamA 755ED29C 5 Bytes JMP 6CC2FF3B C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] USER32.dll!MessageBoxIndirectA 755FE8C9 5 Bytes JMP 6CC2FE0A C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] USER32.dll!MessageBoxIndirectW 755FE9C3 5 Bytes JMP 6CC2FD9F C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] USER32.dll!MessageBoxExA 755FEA29 5 Bytes JMP 6CC2FD3D C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1023800] USER32.dll!MessageBoxExW 755FEA4D 5 Bytes JMP 6CC2FCDB C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!__wgetmainargs] 64C03356 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!_exit] 000030A1 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!_XcptFilter] 0C408B00 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!exit] AD1C708B IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!_initterm] 5E08408B IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!_amsg_exit] CCCCCCC3 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!__setusermatherr] CCCCCCCC IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!memcpy] 
CCCCCCCC IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!_controlfp] 53EC8B55 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!_except_handler4_common] 558B5756 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ] 8BDA8B08 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!__set_app_type] FA033C7A IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!__p__fmode] 503F8166 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!__p__commode] 03547545 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [msvcrt.dll!_cexit] 4B8B785F IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 0C72A6F3 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!CloseHandle] FD875996 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 47471774 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 23EBE6E2 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!GetLastError] BE66F633 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 8166EEC5 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 2BEEB6EE IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExA] EBFE2BF1 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!InterlockedExchange] 66C033E3 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!Sleep] E0C1078B IAT C:\windows\system32\svchost.exe[1044] @ 
C:\windows\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 1C738B02 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!GetModuleHandleA] F003F203 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 5DC203AD IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!GetTickCount] 5D5B5E5F IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] CCCCCCC3 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] CCCCCCCC IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!DeactivateActCtx] CCCCCCCC IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] CCCCCCCC IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!ActivateActCtx] 83EC8B55 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!lstrcmpW] FF52E857 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!RegCloseKey] 50000A41 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!RegOpenKeyExW] E8E04589 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!HeapSetInformation] FFFFFF64 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] 41100D8B IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!lstrlenW] 158B000A IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [000A4114] C:\windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe 
[KERNEL32.dll!RegQueryValueExW] A1EC4589 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!ReleaseActCtx] [000A410C] C:\windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!CreateActCtxW] 66D04589 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0A4118A1 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] D44D8900 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!ExitProcess] 411A0D8A IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode] C483000A IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!RegDisablePredefinedCacheEx] D8558908 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] 8DDE4D88 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!SetErrorMode] 8B50D045 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObjectEx] FF50E045 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!LocalFree] 4589EC55 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!HeapFree] 08558BFC IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 8B3C428B IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] 00047983 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [75E84D89] C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft 
Corporation) IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 0C79830A IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 9C840F00 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlCopySid] 8B000000 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 018B1071 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection] C203F203 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical] 8BE07589 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] 89F68530 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 7F74E445 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!EtwEventWrite] 83FFCF83 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!EtwEventEnabled] F685FFCB IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!EtwEventRegister] B70F0579 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 8BDB33FE IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [75FF50F0] C:\windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] EC55FFF8 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 8BF44589 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 4D8BF445 IAT 
C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 740139E0 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 8B018902 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 708BE445 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 08558B04 IAT C:\windows\system32\svchost.exe[1044] @ C:\windows\system32\svchost.exe [RPCRT4.dll!RpcServerListen] 8304C083 IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D22494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D05624] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D056E2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D2250F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D18573] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D14D27] 
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D150CE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D151A3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D166D0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D182CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D18819] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D1907A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D1E21D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\windows\Explorer.EXE[1552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D14C59] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\TEMP\rqtf\setup.exe[39152] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\TEMP\rqtf\setup.exe[39152] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\TEMP\rqtf\setup.exe[39152] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\TEMP\rqtf\setup.exe[39152] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\TEMP\rqtf\setup.exe[39152] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\TEMP\rqtf\setup.exe[39152] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[43032] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[43032] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[43032] @ 
C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[43032] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[43032] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[43032] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74ED5E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!__wgetmainargs] [7582B656] C:\windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!_exit] [7582B5A2] C:\windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!_XcptFilter] [7582B7C4] C:\windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!exit] [7582BED4] C:\windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!_initterm] [7582BC25] C:\windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!_amsg_exit] [7582BC0D] C:\windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft 
Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!__setusermatherr] [75821B96] C:\windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!memcpy] 00000000 IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!_controlfp] [7497AAC6] C:\windows\System32\DNSAPI.dll (Biblioteka DLL interfejsu API klienta usługi DNS/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!_except_handler4_common] [7497B030] C:\windows\System32\DNSAPI.dll (Biblioteka DLL interfejsu API klienta usługi DNS/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ] [74976F5C] C:\windows\System32\DNSAPI.dll (Biblioteka DLL interfejsu API klienta usługi DNS/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!__set_app_type] 00000000 IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!__p__fmode] [76FC08BB] C:\windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!__p__commode] 00000000 IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [msvcrt.dll!_cexit] [76C60E71] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [76C62994] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!CloseHandle] [76C4BDDD] C:\windows\system32\kernel32.dll 
(Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [76C61094] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [76C618CA] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!GetLastError] [76C5F17B] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [76C5F19D] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [76C5F1A8] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExA] [76C5F571] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!InterlockedExchange] [76C5CC62] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!Sleep] [76C629EC] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [76C544C7] 
C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!GetModuleHandleA] [76C5EF66] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [76C6281D] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!GetTickCount] [76C5F236] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [76C6179E] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [76E8F8FF] C:\windows\SYSTEM32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!DeactivateActCtx] [76C605D7] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [76C53344] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!ActivateActCtx] [76C62AEF] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [76C62E05] 
C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!RegCloseKey] [76C4E2F7] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!RegOpenKeyExW] [76C5FE57] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!HeapSetInformation] [76C4DEEF] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [76C53E72] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!lstrlenW] [76C5F196] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [76C5EF76] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!RegQueryValueExW] [76C611EC] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!ReleaseActCtx] [76C6351F] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW] [76C4410F] C:\windows\system32\kernel32.dll 
(Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [76C5F270] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [76C62A57] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!ExitProcess] [76C5F1B8] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode] [76C4DF81] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!RegDisablePredefinedCacheEx] [76E769CE] C:\windows\SYSTEM32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [76E820B5] C:\windows\SYSTEM32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [76E87E6F] C:\windows\SYSTEM32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObjectEx] [76C4B42C] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!LocalFree] [76C9F4DB] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE 
API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!HeapFree] [76C785C1] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [76C5509B] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [76C6291C] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [76C61A09] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [76C61857] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [76C62884] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlCopySid] [76C628F7] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [76C5F2CB] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection] [76C60614] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE 
API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical] [76C60D55] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [76C5FE64] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [76C5BC8B] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!EtwEventWrite] [76C629B7] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!EtwEventEnabled] [76C4E588] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!EtwEventRegister] [76C5D687] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [76C5CC7A] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [76A8CDB6] C:\windows\system32\SHLWAPI.dll (Biblioteka dodatkowych narzędzi powłoki/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [76A8D7BA] C:\windows\system32\SHLWAPI.dll (Biblioteka dodatkowych narzędzi powłoki/Microsoft 
Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [76A8D249] C:\windows\system32\SHLWAPI.dll (Biblioteka dodatkowych narzędzi powłoki/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [76AAD352] C:\windows\system32\SHLWAPI.dll (Biblioteka dodatkowych narzędzi powłoki/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [76A8CE74] C:\windows\system32\SHLWAPI.dll (Biblioteka dodatkowych narzędzi powłoki/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [76A8DAFE] C:\windows\system32\SHLWAPI.dll (Biblioteka dodatkowych narzędzi powłoki/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 00000000 IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [755B603F] C:\windows\system32\USER32.dll (Współużytkowana biblioteka DLL klienta Windows USER API/Microsoft Corporation) IAT C:\windows\System32\svchost.exe[1021544] @ C:\windows\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [755B5C24] C:\windows\system32\USER32.dll (Współużytkowana biblioteka DLL klienta Windows USER API/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6FA99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6FAA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program 
Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6FAA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6FA9C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6FAA3B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6FAA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6FAA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6FAA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6FAA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6FA9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet 
Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6FA99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6FAA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6FAA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6FA9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6FAA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6FAA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6FAA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6FAA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ 
C:\windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6FAA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6FAA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6FA99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6FAA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6FAA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6FAA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6FAA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6FA9F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll 
[KERNEL32.dll!GetPrivateProfileStringW] [6FA9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6FA9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6FAA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6FAA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6FAA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6FAA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6FA9DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6FAA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll 
[KERNEL32.dll!SearchPathW] [6FAA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6FA9DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6FA9DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6FAA0571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6FA99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6FAA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6FA9DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6FAA41F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6FAA595C] 
C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6FAA4735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6FAA4B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6FAA823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6FAA89C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6FAA8584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6FAA7E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6FAA8CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6FAA90D9] C:\Program Files\Internet 
Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6FAA7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6FAA8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6FAA7F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6FAA794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6FAA7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6FAA8898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6FAA86C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6FAA8760] C:\Program Files\Internet Explorer\IEShims.dll (Internet 
Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [6FAA7EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6FAA9B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6FAA958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6FAA99D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6FAA8026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6FAA7F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6FAA7AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6FAA97FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility 
Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6FAA7BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6FAA9C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6FAA98B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6FAA77ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6FAA96FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6FAA81EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6FAA80BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6FAA8286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT 
C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6FAA8D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6FAA7DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6FAA8F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6FAA892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6FAA9A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6FAA92E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6FAA9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6FAA8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet 
Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6FAA7B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6FAA9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6FAA789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6FAA83BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6FAA861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6FAA8A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6FAA8454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6FAA84EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet 
Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6FAA9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6FAA8EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6FA9D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6FAA0F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6FAA1904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6FAA141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6FAA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6FAA09C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ 
C:\windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6FA9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6FA9F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6FA9F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6FAA27FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6FAA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6FA9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6FA9EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6FA9E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet 
Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6FAA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6FAA27DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6FA9E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6FAA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6FA9EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6FAA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6FAA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6FA99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1021960] @ 
C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6FA99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Process ukryty proces (*** hidden *** ) 2112
Process ukryty proces (*** hidden *** ) 4304
Process ukryty proces (*** hidden *** ) 17520
Process ukryty proces (*** hidden *** ) 36128
Process ukryty proces (*** hidden *** ) 38332
Process ukryty proces (*** hidden *** ) 38504
Process ukryty proces (*** hidden *** ) 38920
Process ukryty proces (*** hidden *** ) 38952
Process ukryty proces (*** hidden *** ) 39500
Process ukryty proces (*** hidden *** ) 39720
Process ukryty proces (*** hidden *** ) 39852
Process ukryty proces (*** hidden *** ) 39984
Process ukryty proces (*** hidden *** ) 40000
Process ukryty proces (*** hidden *** ) 40052
Process ukryty proces (*** hidden *** ) 40236
Process ukryty proces (*** hidden *** ) 40760
Process ukryty proces (*** hidden *** ) 40940

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272a7d410
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272a7d410@001e3760f616 0x9F 0xAC 0x59 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272a7d410@00233a057708 0x48 0x6F 0x49 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272a7d410@78ca046de0f8 0x1F 0x5A 0x37 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272a7d410 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272a7d410@001e3760f616 0x9F 0xAC 0x59 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272a7d410@00233a057708 0x48 0x6F 0x49 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272a7d410@78ca046de0f8 0x1F 0x5A 0x37 0x7C ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----