GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-16 18:46:27 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0001 298,09GB Running: lyyiz9yg.exe; Driver: C:\DOCUME~1\Agent\USTAWI~1\Temp\uxtdypow.sys ---- System - GMER 2.0 ---- SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwAdjustPrivilegesToken [0x9F476690] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwClose [0x9F476F94] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwConnectPort [0x9F477DC8] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwCreateEvent [0x9F478312] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwCreateFile [0x9F477270] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwCreateKey [0x9F475500] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwCreateMutant [0x9F4781F8] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwCreateNamedPipeFile [0x9F47627E] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwCreatePort [0x9F4780CC] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwCreateSection [0x9F476426] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwCreateSemaphore [0x9F478432] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwCreateThread [0x9F476C1C] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwCreateWaitablePort [0x9F478162] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwDebugActiveProcess [0x9F479B1A] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwDeleteKey [0x9F475B0A] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwDeleteValueKey [0x9F475EBE] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwDeviceIoControlFile [0x9F4776F2] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwDuplicateObject [0x9F47AD26] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwEnumerateKey [0x9F47600A] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwEnumerateValueKey [0x9F4760A2] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwFsControlFile [0x9F477500] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwLoadDriver [0x9F479C0C] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwLoadKey [0x9F4754DC] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwLoadKey2 [0x9F4754EE] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwMapViewOfSection [0x9F47A374] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwNotifyChangeKey [0x9F4761CE] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwOpenEvent [0x9F4783A8] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwOpenFile [0x9F477016] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwOpenKey [0x9F4756C0] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwOpenMutant [0x9F478288] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwOpenProcess [0x9F4768CC] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwOpenSection [0x9F47A10E] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwOpenSemaphore [0x9F4784C8] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwOpenThread [0x9F4767BE] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwQueryKey [0x9F47613A] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwQueryMultipleValueKey [0x9F475D72] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwQuerySection [0x9F47A6AE] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwQueryValueKey [0x9F47599C] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwQueueApcThread [0x9F479FA0] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwRenameKey [0x9F475C2C] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwReplaceKey [0x9F474F16] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwReplyPort [0x9F47882C] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwReplyWaitReceivePort [0x9F4786F2] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwRequestWaitReplyPort [0x9F4798B4] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwRestoreKey [0x9F47528E] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwResumeThread [0x9F47ABC8] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwSaveKey [0x9F474EAE] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwSecureConnectPort [0x9F477B0E] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwSetContextThread [0x9F476E38] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwSetInformationToken [0x9F479154] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwSetSecurityObject [0x9F479DAA] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwSetSystemInformation [0x9F47A7FE] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwSetValueKey [0x9F475816] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwSuspendProcess [0x9F47A8F0] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwSuspendThread [0x9F47AA2A] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwSystemDebugControl [0x9F479A3E] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwTerminateProcess [0x9F476A68] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwTerminateThread [0x9F4769C8] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwUnmapViewOfSection [0x9F47A552] SSDT \SystemRoot\system32\DRIVERS\3734595drv.sys ZwWriteVirtualMemory [0x9F476B52] Code \SystemRoot\system32\DRIVERS\3734595drv.sys FsRtlCheckLockForReadAccess Code \SystemRoot\system32\DRIVERS\3734595drv.sys IoIsOperationSynchronous ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP 9F468FD0 \SystemRoot\system32\DRIVERS\3734595drv.sys .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF92C 5 Bytes JMP 9F4693AC \SystemRoot\system32\DRIVERS\3734595drv.sys .text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504618 12 Bytes [0C, 9C, 47, 9F, DC, 54, 47, ...] {OR AL, 0x9c; INC EDI; LAHF ; FCOM QWORD [EDI+EAX*2-0x61]; OUT DX, AL; PUSH ESP; INC EDI; LAHF } .text ntkrnlpa.exe!ZwCallbackReturn + 2EDC 80504794 16 Bytes [2C, 5C, 47, 9F, 16, 4F, 47, ...] {SUB AL, 0x5c; INC EDI; LAHF ; PUSH SS; DEC EDI; INC EDI; LAHF ; SUB AL, 0x88; INC EDI; LAHF ; XCHG [EDI-0x61], AL} .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 80504888 12 Bytes [F0, A8, 47, 9F, 2A, AA, 47, ...] {TEST AL, 0x47; LAHF ; SUB CH, [EDX-0x65c160b9]; INC EDI; LAHF } ? system32\DRIVERS\3734595drv.sys System nie może odnaleźć określonej ścieżki. ! ? system32\DRIVERS\93318618.sys System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.0 ---- .text C:\WINDOWS\SMINST\Scheduler.exe[1292] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 00418ED0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[1292] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 00418F40 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[1292] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 00418DC0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[1292] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 00418D10 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[1292] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 00418E90 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[1292] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 00418D50 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[1292] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 00418E00 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[1292] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 00418D80 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[1292] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 00418E40 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[1292] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 00418CD0 C:\WINDOWS\SMINST\Scheduler.exe ? C:\WINDOWS\system32\svchost.exe[1916] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll ? C:\WINDOWS\system32\svchost.exe[3092] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll ---- User IAT/EAT - GMER 2.0 ---- IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DCF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DEC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DC798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DC6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DC7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DC7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DCEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000 IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F26C80] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F24DF2] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F15B12] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000 IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1EF1C] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000 IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [7C838A3C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C812847] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C8099B5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812F16] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C92AA79] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C90FE30] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809806] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C809C65] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812FBD] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [7C81127A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C802446] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C8097D0] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C809F91] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C81CB12] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C82FC08] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C821982] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [7C809F19] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C901000] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C918477] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C8104CC] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [7C802213] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C80AC7E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [7C80AE40] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C801D7B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [7C80B741] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C8017E9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C801D53] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C810BBC] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C8350EF] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1916] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C814F8A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DCF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DEC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DC798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DC6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DC7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DC7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DCEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000 IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F26C80] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F24DF2] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F15B12] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000 IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1EF1C] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000 IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [7C838A3C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C812847] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C8099B5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812F16] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C92AA79] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C90FE30] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809806] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C809C65] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812FBD] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [7C81127A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C802446] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C8097D0] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C809F91] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C81CB12] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C82FC08] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C821982] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [7C809F19] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C901000] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C918477] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C8104CC] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [7C802213] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C80AC7E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [7C80AE40] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C801D7B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [7C80B741] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C8017E9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C801D53] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C810BBC] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C8350EF] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3092] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C814F8A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) ---- EOF - GMER 2.0 ----