GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-12 14:37:58
Windows 5.1.2600 Dodatek Service Pack 3
Running: kxhgo2wr.exe; Driver: C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\uwxyqpob.sys

---- System - GMER 1.0.15 ----

Code 89D740E0 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

PAGE Ntfs.sys B9E7FE55 4 Bytes CALL 8901A661
.reloc C:\WINDOWS\system32\drivers\NDIS.sys section is executable [0x89D47200, 0x3252A, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB57C0360, 0x35483F, 0xE8000020]
.text C:\WINDOWS\system32\drivers\aec.sys section is writeable [0xB2502280, 0x6B020, 0xE0000020]
? C:\WINDOWS\system32\drivers\aec.sys Urządzenie podłączone do komputera nie działa.
.text pxueiurt.SYS B06BB000 12 Bytes JMP B070CBC2 \SystemRoot\System32\Drivers\pxueiurt.SYS
.text pxueiurt.SYS B06BB00D 5 Bytes [00, 9C, E9, F6, 19]
.text pxueiurt.SYS B06BB014 4 Bytes JMP B06BBD7E \SystemRoot\System32\Drivers\pxueiurt.SYS
.text pxueiurt.SYS B06BB019 9 Bytes CALL A95B8264
.text pxueiurt.SYS B06BB023 51 Bytes [6C, 24, 30, 66, 81, C3, E5, ...]
.text ...
? C:\WINDOWS\System32\Drivers\pxueiurt.SYS Urządzenie podłączone do komputera nie działa.

---- User code sections - GMER 1.0.15 ----

C:\WINDOWS\system32\EXPLORER.EXE[1688] C:\WINDOWS\system32\EXPLORER.EXE unknown last code section [0x0041B000, 0xA05, 0xE0000020]
.text C:\WINDOWS\system32\EXPLORER.EXE[1688] ntdll.dll!NtQueryDirectoryFile + 6 7C90D774 4 Bytes [90, 61, 4C, 01]
? C:\WINDOWS\System32\svchost.exe[2580] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[2588] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[2596] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
?
C:\WINDOWS\System32\svchost.exe[2640] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dllunknown module: urlmon.dll .text C:\WINDOWS\System32\svchost.exe[2640] USER32.dll!SetForegroundWindow 7E3742ED 8 Bytes [B8, 01, 00, 00, 00, C2, 04, ...] {MOV EAX, 0x1; RET 0x4} ? C:\WINDOWS\System32\svchost.exe[2648] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dllunknown module: urlmon.dll .text C:\WINDOWS\System32\svchost.exe[2648] USER32.dll!SetForegroundWindow 7E3742ED 8 Bytes [B8, 01, 00, 00, 00, C2, 04, ...] {MOV EAX, 0x1; RET 0x4} ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindNextFileW] [016287E5] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [016284ED] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [016285CF] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [01628532] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesW] [0162865A] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileW] [016287A3] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [01628532] 
C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [016285CF] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [01628532] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [016285CF] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [0162865A] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [016285CF] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [01628532] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [016287A3] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [01628782] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [016287C4] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT 
C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [016287A3] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [016287E5] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [01628629] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [0162865A] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [016284ED] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [01628532] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileA] [01628782] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindNextFileA] [016287C4] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [01628629] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [016285CF] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ 
C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [01628532] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [0162865A] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [016287A3] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [016287E5] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [016284ED] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [01628629] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [016287C4] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [01628782] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [016287E5] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [01628532] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [0162865A] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [016285CF] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHLWAPI.dll 
[KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [016287A3] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [016285CF] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [01628532] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileAttributesW] [0162865A] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FindNextFileW] [016287E5] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FindFirstFileW] [016287A3] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileAttributesA] [01628629] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FindNextFileA] [016287C4] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FindFirstFileA] [01628782] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [016285CF] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [0162859E] 
C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [016284ED] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [016284ED] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [01628532] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesA] [01628629] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesW] [0162865A] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FindFirstFileA] [01628782] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FindFirstFileW] [016287A3] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FindNextFileA] [016287C4] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FindNextFileW] [016287E5] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [016284ED] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT 
C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\system32\EXPLORER.EXE[1688] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0162859E] C:\DOCUME~1\PPPPPP~1\USTAWI~1\Temp\VGod.DLL IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] FB8401C7 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] DCE90043 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001B9 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043FB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01B9CEE8 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] BA72E856 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF IAT 
C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 5D10C483 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01BAC3E8 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 0206B2E8 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 8EE8F075 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001B8 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043FB IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001F05 IAT 
C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 64E8C68B IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C2000207 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] FB9006C7 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 71E80043 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000023 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 30E95ECE IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 560001B9 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] DBE8F18B IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] F6FFFFFF IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 01082444 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] E8560774 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 0001B9CC IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 560004C2 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe 
[ntdll.dll!RtlFreeHeap] 082474FF IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 86E8F18B IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] C7FFFFFF IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 43FB9C06 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 5EC68B00 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] C70004C2 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 43FB9C01 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] FFA4E900 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 8B56FFFF IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 9C06C7F1 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] E80043FB IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] FFFFFF96 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 082444F6 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 56077401 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 01B987E8 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] C68B5900 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 0004C25E IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] EFB8046A IAT 
C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] E8004399 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 7589F18B IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 087D8BF0 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] B858E857 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 65830001 IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] C78300FC IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 4E8D570C IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] E80043FB IAT C:\WINDOWS\System32\svchost.exe[2580] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 00001E4D IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] FB8401C7 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] DCE90043 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001B9 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043FB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe 
[ADVAPI32.dll!InitializeSecurityDescriptor] 01B9CEE8 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] BA72E856 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 5D10C483 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01BAC3E8 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 0206B2E8 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe 
[KERNEL32.dll!FreeLibrary] 89F18B00 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 8EE8F075 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001B8 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043FB IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001F05 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 64E8C68B IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C2000207 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] FB9006C7 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 71E80043 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000023 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 30E95ECE IAT C:\WINDOWS\System32\svchost.exe[2588] @ 
C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 560001B9 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] DBE8F18B IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] F6FFFFFF IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 01082444 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] E8560774 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 0001B9CC IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 560004C2 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 082474FF IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 86E8F18B IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] C7FFFFFF IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 43FB9C06 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 5EC68B00 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] C70004C2 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 43FB9C01 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] FFA4E900 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 8B56FFFF IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 9C06C7F1 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe 
[ntdll.dll!NtClose] E80043FB IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] FFFFFF96 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 082444F6 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 56077401 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 01B987E8 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] C68B5900 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 0004C25E IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] EFB8046A IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] E8004399 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 7589F18B IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 087D8BF0 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] B858E857 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 65830001 IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] C78300FC IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 4E8D570C IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] E80043FB IAT C:\WINDOWS\System32\svchost.exe[2588] @ C:\WINDOWS\System32\svchost.exe 
[RPCRT4.dll!RpcMgmtStopServerListening] 00001E4D IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] FB8401C7 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] DCE90043 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001B9 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043FB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01B9CEE8 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] BA72E856 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 5D10C483 IAT 
C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01BAC3E8 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 0206B2E8 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 8EE8F075 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001B8 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043FB IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001F05 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 64E8C68B IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C2000207 IAT 
C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] FB9006C7 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 71E80043 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000023 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 30E95ECE IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 560001B9 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] DBE8F18B IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] F6FFFFFF IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 01082444 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] E8560774 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 0001B9CC IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 560004C2 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 082474FF IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 86E8F18B IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] C7FFFFFF IAT 
C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 43FB9C06 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 5EC68B00 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] C70004C2 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 43FB9C01 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] FFA4E900 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 8B56FFFF IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 9C06C7F1 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] E80043FB IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] FFFFFF96 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 082444F6 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 56077401 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 01B987E8 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] C68B5900 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 0004C25E IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] EFB8046A IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] E8004399 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 7589F18B IAT C:\WINDOWS\System32\svchost.exe[2596] @ 
C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 087D8BF0 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] B858E857 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 65830001 IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] C78300FC IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 4E8D570C IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] E80043FB IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 00001E4D IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 83EC8B55 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 75001C7D IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 0C7D831E IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 6A1E7501 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 03E86800 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 016A0000 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] FF0471FF IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 43B2C015 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe 
[ADVAPI32.dll!OpenThreadToken] 18458B00 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 33002083 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 18C25DC0 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 0C7D8100 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000113 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 498BF175 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 20831845 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 40C03300 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 006ADBEB IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 437BF3B8 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 8124E800 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 758B0002 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 2406C708 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 088B0A74 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 0851FF50 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 00246683 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] FFFC4D83 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe 
[KERNEL32.dll!lstrcmpiW] 8514768B IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 560674F6 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 022FE8E8 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 818FE800 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 04C20002 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] F18B5600 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] FFB4E856 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 44F6FFFF IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 74010824 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] A5E85607 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 59000233 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] C25EC68B IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 408B0004 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 74C08514 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] B6E85006 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] C300022F IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 0824448B IAT C:\WINDOWS\System32\svchost.exe[2640] @ 
C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 33002083 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 0008C2C0 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 0018C280 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 0024C280 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 1024448B IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] B8002083 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 80004001 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 8B0010C2 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 83082444 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 02B80020 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] C2800040 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 01B80008 IAT C:\WINDOWS\System32\svchost.exe[2640] @ 
C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] C2800040 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] C0330004 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0014C240 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 0824448B IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 880440C7 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 33088888 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 0008C2C0 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 18C2C033 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 330008C2 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 10C240C0 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 24448B00 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 0020830C IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [004001B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 000CC280 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 51EC8B55 IAT C:\WINDOWS\System32\svchost.exe[2640] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00FC6583 IAT C:\WINDOWS\System32\svchost.exe[2640] @ 
C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] FC458D56 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 83EC8B55 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 75001C7D IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 0C7D831E IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 6A1E7501 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 03E86800 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 016A0000 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] FF0471FF IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 43B2C015 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 18458B00 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 33002083 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 18C25DC0 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 0C7D8100 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000113 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 498BF175 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 20831845 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 
40C03300 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 006ADBEB IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 437BF3B8 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 8124E800 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 758B0002 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 2406C708 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 088B0A74 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 0851FF50 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 00246683 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] FFFC4D83 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 8514768B IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 560674F6 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 022FE8E8 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 818FE800 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 04C20002 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] F18B5600 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] FFB4E856 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 44F6FFFF IAT 
C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 74010824 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] A5E85607 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 59000233 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] C25EC68B IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 408B0004 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 74C08514 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] B6E85006 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] C300022F IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 0824448B IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 33002083 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 0008C2C0 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 0018C280 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host 
Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 0024C280 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 1024448B IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] B8002083 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 80004001 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 8B0010C2 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 83082444 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 02B80020 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] C2800040 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 01B80008 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] C2800040 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] C0330004 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0014C240 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 0824448B IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 880440C7 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 33088888 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 0008C2C0 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 18C2C033 IAT 
C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 330008C2 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 10C240C0 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 24448B00 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 0020830C IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [004001B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 000CC280 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 51EC8B55 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00FC6583 IAT C:\WINDOWS\System32\svchost.exe[2648] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] FC458D56

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 890320B0
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\NDIS \Device\Ndis [89D4E984] NDIS.sys[.reloc]
Device \Driver\Tcpip \Device\Ip 89014298
Device \Driver\Tcpip \Device\Tcp 89014298
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
Device \Driver\Tcpip \Device\Udp 89014298
Device \Driver\Tcpip \Device\RawIp 89014298
Device \Driver\Tcpip \Device\IPMULTICAST 89014298

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\aec.sys (*** hidden *** ) [MANUAL] aec <-- ROOTKIT !!!
Service (*** hidden *** ) [BOOT] pxueiurt <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\aec@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec@ImagePath system32\drivers\aec.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec@DisplayName Microsoft Kernel Acoustic Echo Canceller
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\aec\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\pxueiurt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\pxueiurt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\pxueiurt@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\pxueiurt@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\gry\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1F 0xE7 0x37 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE2 0x4C 0xF8 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0xEE 0xC1 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\aec@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\aec@Start 3
Reg HKLM\SYSTEM\ControlSet002\Services\aec@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\Services\aec@ImagePath system32\drivers\aec.sys
Reg HKLM\SYSTEM\ControlSet002\Services\aec@DisplayName Microsoft Kernel Acoustic Echo Canceller
Reg HKLM\SYSTEM\ControlSet002\Services\aec\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\aec\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\gry\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1F 0xE7 0x37 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE2 0x4C 0xF8 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0xEE 0xC1 0xF4 ...

---- EOF - GMER 1.0.15 ----