GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-19 16:25:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: jvr2k9tv.exe; Driver: C:\Users\Ewa\AppData\Local\Temp\uxriipow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[740] C:\windows\syswow64\user32.DLL!TranslateMessage 00000000754c7809 5 bytes JMP 000000011000b5e0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[740] C:\windows\syswow64\user32.DLL!GetClipboardData 0000000075509f1d 5 bytes JMP 000000011000b4f0

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedEnableErrorSource] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedSetErrorSourceInfo] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedDisableErrorSource] [f269370d8d480c73] [unknown section]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedGetInjectionCapabilities] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedInjectError] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedFinalizeErrorRecord] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedBugCheckSystem] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedAttemptErrorRecovery] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedWriteErrorRecord] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedFreeMemory] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedClearErrorRecord] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedIsSystemWheaEnabled] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedInitialize] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedReadErrorRecord] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedAllocateMemory] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedGetBootErrorPacket] [?]
IAT C:\windows\system32\ntoskrnl.exe[PSHED.dll!PshedGetAllErrorSources] [fc160d8d483374ef] [unknown section]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalIsHyperThreadingEnabled] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalEnumerateProcessors] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalQueryMaximumProcessorCount] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalStartNextProcessor] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalRegisterDynamicProcessor] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalStartDynamicProcessor] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalInitializeProcessor] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalSendSoftwareInterrupt] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalCalibratePerformanceCounter] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!KeStallExecutionProcessor] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalEnableInterrupt] [fbd60d8d48ffe85e] [unknown section]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalRequestClockInterrupt] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalSetProfileInterval] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalStartProfileInterrupt] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalStopProfileInterrupt] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalHandleNMI] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalPerformEndOfInterrupt] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalRequestSoftwareInterrupt] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalHandleMcheck] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalRequestIpi] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalDisableInterrupt] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!KeFlushWriteBuffer] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalGetInterruptTargetInformation] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalInitializeOnResume] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalProcessorIdle] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalAllocateCrashDumpRegisters] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalSetTimeIncrement] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalGetEnvironmentVariable] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalSetEnvironmentVariable] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalGetEnvironmentVariableEx] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalSetEnvironmentVariableEx] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalEnumerateEnvironmentVariablesEx] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalQueryEnvironmentVariableInfoEx] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalSetRealTimeClock] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalSetBusDataByOffset] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalGetBusDataByOffset] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalReturnToFirmware] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalGetProcessorIdByNtNumber] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalTranslateBusAddress] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalGetMessageRoutingInfo] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalGetVectorInput] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalRegisterErrataCallbacks] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!KeQueryPerformanceCounter] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalRequestDeferredRecoveryServiceInterrupt] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalAllProcessorsStarted] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalInitSystem] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalQueryRealTimeClock] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalInitializeBios] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalReportResourceUsage] [?]
IAT C:\windows\system32\ntoskrnl.exe[HAL.dll!HalSendNMI] [?]
IAT C:\windows\system32\ntoskrnl.exe[KDCOM.dll!KdD3Transition] [?]
IAT C:\windows\system32\ntoskrnl.exe[KDCOM.dll!KdD0Transition] [?]
IAT C:\windows\system32\ntoskrnl.exe[KDCOM.dll!KdReceivePacket] [?]
IAT C:\windows\system32\ntoskrnl.exe[KDCOM.dll!KdSendPacket] [?]
IAT C:\windows\system32\ntoskrnl.exe[KDCOM.dll!KdRestore] [?]
IAT C:\windows\system32\ntoskrnl.exe[KDCOM.dll!KdSave] [?]
IAT C:\windows\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize0] [f618742000000450] [unknown section]
IAT C:\windows\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize1] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsAdvanceLogBase] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtTailAdvanceFailure] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsPrivGetBaseLogFileFromFileObjectPointer] [f8833ff1ffff2510] [unknown section]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtHandleLogFileFull] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnGreater] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsReserveAndAppendLogAligned] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtSetLogFileSize] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnDifference] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsRemoveLogContainer] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsAddLogContainer] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsCreateMarshallingArea] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnLess] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnContainer] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsFlushToLsn] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnInvalid] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsGetLogFileInformation] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtDeregisterManagedClient] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsCloseLogFileObject] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtInstallPolicy] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsMgmtRegisterManagedClient] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsCreateLogFile] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!CLFS_LSN_INVALID] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsLsnEqual] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsReadLogRecord] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsReadNextLogRecord] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsTerminateReadLog] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsWriteRestartArea] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsDeleteLogByPointer] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsDeleteMarshallingArea] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!CLFS_LSN_NULL] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsReserveAndAppendLog] [?]
IAT C:\windows\system32\ntoskrnl.exe[CLFS.SYS!ClfsReadRestartArea] [?]
IAT C:\windows\system32\ntoskrnl.exe[CI.dll!CiInitialize] [?]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!memcpy] [8b48000002b08889]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!?terminate@@YAXXZ] [30244c8b48382454]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!__set_app_type] [448b4800001f5be8]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!_fmode] [ccc328c483483024]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!_commode] [245488182444894c]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!__setusermatherr] [834808244c894810]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!_amsg_exit] [e830244c8b4828ec]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!_initterm] [24448b48fffffef4]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!exit] [262700d8d4830]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!_cexit] [3024448b48088948]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!_exit] [24448b48000840c6]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!_XcptFilter] [488838244cb60f30]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!__wgetmainargs] [f4024448b4c10c0]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[msvcrt.dll!memset] [e8c88b48382454b6]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlSubAuthoritySid] [ba000000d8054830]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlLengthRequiredSid] [e8c88b4800004000]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlFreeHeap] [24448b48fffffd1c]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlCopySid] [ba000001c0054830]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlAllocateHeap] [e8c88b4800004000]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlInitializeSid] [24448b48fffffdd4]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlSubAuthorityCountSid] [ccccc328c4834830]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!EtwEventWrite] [cccccccccccccccc]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlImageNtHeader] [ec834808244c8948]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!EtwEventRegister] [8d483024448b4828]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlUnhandledExceptionFilter] [88948000261930d]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!EtwEventEnabled] [33ee830244c8b48]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlSetProcessIsCritical] [ccc328c483480000]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlCaptureContext] [cccccccccccccccc]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlLookupFunctionEntry] [ec834808244c8948]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlVirtualUnwind] [83483024448b4828]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[ntdll.dll!RtlInitializeCriticalSection] [c6e8c88b4820c0]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!LocalAlloc] [c196e8c88b4828c0]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!CloseHandle] [483024448b48ffff]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!LocalFree] [85e8c88b4808c083]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!ExpandEnvironmentStringsW] [c328c48348ffffc1]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!WideCharToMultiByte] [ec834808244c8948]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!FreeLibrary] [4de830244c8b4828]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!GetLastError] [c328c48348ffffff]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!GetProcAddress] [cccccccccccccccc]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!LoadLibraryExA] [ec834808244c8948]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!DelayLoadFailureHook] [3de830244c8b4828]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!Sleep] [c328c48348000000]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!SetUnhandledExceptionFilter] [cccccccccccccccc]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!GetModuleHandleW] [ec834808244c8948]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!QueryPerformanceCounter] [83483024448b4828]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!GetTickCount] [16e8c88b4828c0]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!GetSystemTimeAsFileTime] [483024448b480000]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!UnhandledExceptionFilter] [95e8c88b4808c083]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!GetCommandLineW] [ec834808244c8948]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!SetErrorMode] [5483024448b4828]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!LoadLibraryExW] [e8c88b48000000a0]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!GetProcessHeap] [28c48348ffffc0f4]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!CreateActCtxW] [ccccccccccccccc3]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!ActivateActCtx] [ec834808244c8948]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!RegQueryValueExW] [83483024448b4828]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!lstrcmpW] [483024448b48ffff]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!lstrlenW] [b5e8c88b4810c083]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!DeactivateActCtx] [c328c48348ffffc0]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!ReleaseActCtx] [ec834808244c8948]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!SetProcessAffinityUpdateMode] [83480003b4e215ff]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!RegisterWaitForSingleObjectEx] [ccccccccccc328c4]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!RegOpenKeyExW] [ec834808244c8948]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!lstrcmpiW] [5483024448b4828]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!HeapSetInformation] [e8c88b48000001c0]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!RegDisablePredefinedCacheEx] [24448b48fffffe84]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!RegCloseKey] [48000000d8054830]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!LCMapStringW] [48fffffe71e8c88b]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[KERNEL32.dll!HeapFree] [18c083483024448b]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[RPCRT4.dll!RpcServerUnregisterIf] [c08501e083382444]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[RPCRT4.dll!RpcServerUseProtseqEpW] [e830244c8b480a74]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[RPCRT4.dll!I_RpcMapWin32Status] [24448b48ffffbff4]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[RPCRT4.dll!RpcMgmtSetServerStackSize] [ccccc328c4834830]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[RPCRT4.dll!RpcServerRegisterIf] [cccccccccccccccc]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[RPCRT4.dll!RpcMgmtStopServerListening] [244c894810245489]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[RPCRT4.dll!RpcMgmtWaitServerListen] [4c8b4828ec834808]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[RPCRT4.dll!RpcServerListen] [8bfffffdc9e83024]
IAT C:\windows\system32\svchost.exe[2972] @ C:\windows\system32\svchost.exe[RPCRT4.dll!RpcServerUnregisterIfEx] [c08501e083382444]
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fef49b6a70] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fef49b64e0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fef498d840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fef4973370] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fef49b64e0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fef49b63e0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fef49b6a70] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fef4973370] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fef49b64e0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fef49b6a70] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fef498d840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fef4973370] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fef49b64e0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fef49b6a70] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fef4973370] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fef4973370] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef49b6300] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fef4973370] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fef49b64e0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fef49b64e0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fef4973370] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fef49b6a70] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\dxgi.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\System32\msxml6.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3232] @ C:\windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fef4971800] C:\Program Files\Internet Explorer\IEShims.dll

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\svchost.exe [3024:3028] 00000000ff38246c
Thread C:\windows\system32\svchost.exe [1404:2128] 00000000ff38246c
Thread C:\windows\system32\svchost.exe [2348:2280] 00000000ff38246c

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839dfa59984
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839dfa59984 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.1 ----

File C:\Users\Ewa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2XYLDB9\clients[1].txt 0 bytes
File C:\Users\Ewa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUBINJAC\clients[1].txt 0 bytes

---- EOF - GMER 2.1 ----