Problems after being infected by malware

I was infected by some malware, and even after getting a clean machine, I can no longer turn on the CIS firewall. The icon in the notification area indicates problems, and when I run the diagnostic, problems are found but CIS does not resolve them and generates a log file. I have reinstalled the application, but the problem persists. What should I do to solve this problem? Thank you.

PS: my system is XP SP3 Pro.

Just to be on the safe side, do a scan with this application; it's a rootkit scanner.

http://www.gmer.net/

Please post the results, thanks.

GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-13 13:28:51
Windows 5.1.2600 Service Pack 3
Running: qo537g3w.exe; Driver: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\uxtdypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.) ZwRequestWaitReplyPort [0xBAA323AA]

Code 89A3A500 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.reloc C:\WINDOWS\System32\DRIVERS\NDIS.SYS section is executable [0x899B2200, 0x32AAA, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[436] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[936] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[1000] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0040F950 C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050DF00 C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
? C:\WINDOWS\System32\svchost.exe[1384] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[2548] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dll unknown module: OLEAUT32.dll unknown module: urlmon.dll
.text C:\WINDOWS\System32\svchost.exe[2548] USER32.dll!SetForegroundWindow 7E3742ED 8 Bytes [B8, 01, 00, 00, 00, C2, 04, …] {MOV EAX, 0x1; RET 0x4}
? C:\WINDOWS\System32\svchost.exe[3752] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dll unknown module: OLEAUT32.dll

---- User IAT/EAT - GMER 1.0.15 ----

Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [00617290] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [006182E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00618130] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00618170] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [00617B10] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00618200] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [006181B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [00617E40] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ 
C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [00617D20] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [00617240] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [00617530] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [00617C60] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [00617700] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00618170] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00618130] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [006182E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ 
C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [00617B10] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [006182E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00618130] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [006181B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00618200] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [00617B10] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [00618250] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [00617D20] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ 
C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00618130] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1132] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [006182E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 9B8401C7 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 46E90043 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001AA IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [00439B84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01AA38E8 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] AC0FE856 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300 IAT 
C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] B108E808 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] F0A4E800 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0001 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001A906 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [00439B90] C:\WINDOWS\System32\svchost.exe 
(Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001D67E8 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 0001F156 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E800439B IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000022DD IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001A999 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01AB68E8 IAT 
C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 9B9C01C7 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [00439B9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] AB3BE856 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] B8046A00 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00433E58] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 01F009E8 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe 
[ntdll.dll!RtlGetAce] 89F18B00 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7D8BF075] C:\WINDOWS\system32\SHELL32.dll (DLL comum do Shell do Windows/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] DEE85708 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 830001A8 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8300FC65 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 06C70C4E IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [00439B90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 001CC7E8 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E8C68B00 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 0001F0B6 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830004C2 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 60830020 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0A8B0004 IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04728B56 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT 
C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 0008C280 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 0010C280 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 83EC8B55 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 75001C7D IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 0C7D831E IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 6A1E7501 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 03E86800 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 016A0000 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] FF0471FF IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 4382A415 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 18458B00 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 33002083 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 498BF175 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 74C98524 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe 
[KERNEL32.dll!LocalFree] 13E85106 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 8B000101 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 20831845 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [40C03300] C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 006ADBEB IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] E406C708 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 830043A3 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 8B00FC65 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] C0852446 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 088B0A74 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 0851FF50
IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 00246683 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] FFFC4D83 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 8514768B IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 560674F6 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 01F57EE8 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [406FE800] C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 04C20002 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] F18B5600 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] FFB4E856 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 44F6FFFF IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 74010824 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 3BE85607 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 590001F9 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] C25EC68B IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [408B0004] C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) IAT 
C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 74C08514 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 4CE85006 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] C30001F5 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 33002083 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 0008C2C0 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 0018C280 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [004005B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 0024C280 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 1024448B IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] B8002083 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 80004001 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 8B0010C2 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 83082444 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 02B80020 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 
C2800040 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] C0330008 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0014C240 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 0824448B IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 000440C7 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 33000002 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 0008C2C0 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 18C2C033 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 330008C2 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 10C240C0 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 24448B00 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 0020830C IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [004001B8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 000CC280 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 51EC8B55 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00FC6583 IAT C:\WINDOWS\System32\svchost.exe[2548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] FC458D56 IAT 
C:\WINDOWS\System32\svchost.exe[3752] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77F5ECE5] C:\WINDOWS\system32\ADVAPI32.dll (API de base do Windows 32 avançada/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3752] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77F56AAF] C:\WINDOWS\system32\ADVAPI32.dll (API de base do Windows 32 avançada/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3752] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77F56FFF] C:\WINDOWS\system32\ADVAPI32.dll (API de base do Windows 32 avançada/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3752] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77F5D767] C:\WINDOWS\system32\ADVAPI32.dll (API de base do Windows 32 avançada/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3752] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77F651B6] C:\WINDOWS\system32\ADVAPI32.dll (API de base do Windows 32 avançada/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3752] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77F64332] C:\WINDOWS\system32\ADVAPI32.dll (API de base do Windows 32 avançada/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3752] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77F56C27] C:\WINDOWS\system32\ADVAPI32.dll (API de base do Windows 32 avançada/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3752] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77F57852] C:\WINDOWS\system32\ADVAPI32.dll (API de base do Windows 32 avançada/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3752] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77F5E9F4] C:\WINDOWS\system32\ADVAPI32.dll (API de base do Windows 32 avançada/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3752] @ 

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [899B9984] \WINDOWS\System32\DRIVERS\NDIS.SYS[.reloc]

AttachedDevice \Driver\Tcpip \Device\Ip bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6C 0xF4 0x9B 0xAF …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Arquivos de programas\DAEMON Tools Lite
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0xF8 0xC9 0xAE …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0x72 0x40 0xF3 …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x70 0x1C 0x3C 0x00 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6C 0xF4 0x9B 0xAF …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Arquivos de programas\DAEMON Tools Lite
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0xF8 0xC9 0xAE …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0x72 0x40 0xF3 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x70 0x1C 0x3C 0x00 …
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 212224/182656 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212224/182656 bytes executable

---- EOF - GMER 1.0.15 ----

Hi there,

It looks like there are firewall drivers left from Jetico FW.

SSDT \SystemRoot\System32\Drivers\bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.)

And you can also “attach” the gmer report instead of having to copy/paste it, using the “Additional Options” below the post box: click to expand and select the Browse button to add the gmer report.

We need to get rid of the Jetico firewall (drivers) first before you can get CIS to function correctly…

I also don’t like the complaint about the ndis.sys driver. Can you please check your driver signatures with this tool here: Sigcheck - Sysinternals | Microsoft Learn


.reloc C:\WINDOWS\System32\DRIVERS\NDIS.SYS section is executable [0x899B2200, 0x32AAA, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[436] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[936] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;


Looks like svchost.exe gets injected or something... probably by the ndis "driver".

My guess would be a MBR Rootkit variant based on this here…

It is known that the rootkit's main purpose is to act as an ultimate downloader. To be stealthy and effective it is essential that the rootkit does not trigger nor is blocked by personal firewalls. It is able to achieve this by operating in the lowest parts of the NDIS layer just above the physical hardware.
Source: http://www.f-secure.com/weblog/archives/00001393.html

C:\>sigcheck -u -e C:\WINDOWS\System32\DRIVERS\NDIS.SYS

Sigcheck v1.63 - File version and signature viewer
Copyright (C) 2004-2009 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\windows\system32\drivers\ndis.sys:
Verified: Unsigned
File date: 15:42 10/12/2009
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a

C:\>

As that’s a low-level system driver, I’d say this is highly suspicious.
Can you replace this driver using Safe-Mode boot without network?

Please check the version in C:\WINDOWS\system32\dllcache and see if that’s signed, if so replace the bad version with this one.

It could also be wise to do an “Offline scan” with a boot CD; you could burn Avira’s rescue disk, which you can find here:

The version in C:\WINDOWS\system32\dllcache is not signed.

C:\>sigcheck -u -e C:\WINDOWS\system32\dllcache\NDIS.SYS

Sigcheck v1.63 - File version and signature viewer
Copyright (C) 2004-2009 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\windows\system32\dllcache\ndis.sys:
Verified: Unsigned
File date: 15:42 10/12/2009
Publisher: Microsoft Corporation
Description: NDIS 5.1 wrapper driver
Product: Microsoft® Windows® Operating System
Version: 5.1.2600.5512
File version: 5.1.2600.5512 (xpsp.080413-0852)

C:\>

Do you have the original disk that came with the computer?

Here is mine from an XP SP3 system.
c:\windows\system32\drivers\ndis.sys:
Verified: Signed
Signing date: 3:07 AM 4/14/2008
Publisher: Microsoft Corporation
Description: NDIS 5.1 wrapper driver
Product: Microsoft® Windows® Operating System
Version: 5.1.2600.5512
File version: 5.1.2600.5512 (xpsp.080413-0852)

Yes, I have the original disk. How can I restore this file from the cd?

Print this post here and look for the “Expand” option.

I would also strongly suggest scanning with the Avira Rescue CD before trying this, to see what turns up.

OK, where is the ndis.sys file on the CD?

I guess somewhere in the i386 folder, but I think you need to search the CD before you boot in safe-mode and write it down… it’s probably named ndis.sy_ or something similar…

OK, I already restored the original ndis.sys and CIS is working now, but the sign program tells me “No matching files were found.” for the restored file.

Did you run the avira rescue cd? I suspect there are more “infections” present on your system… it should not be limited to ndis.sys only… otherwise please read this post here:

And I’m not sure what you mean with:

but the sign program tells me "No matching files were found." for the restored file.
Can you please expand on this?

Yes, I scanned the CD and Avira found a protector rootkit (Ndis.sys). When I run the signature verifier program it gives me this message: "No matching files were found." What does this mean? Is everything OK with the file that I restored?

Yes, please remove the extra parameters you used; only sigcheck should display the “signed” version…

Ok, problem is solved.
Thank you very much.
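
The sigcheck comparison worked through in this thread, as an added example that is not part of the original posts: a small Python parser that classifies the three results quoted above and explains the "No matching files were found." message. The sample inputs are trimmed copies of the quoted output; the function names and verdict labels are assumptions of this example, and it relies on sigcheck's `-u` switch limiting output to unsigned files.

```python
import re

# Constructed sample: the sigcheck results quoted in the thread (banner and
# date lines trimmed), plus the message the restored file produced with -u.
DRIVERS = r"""c:\windows\system32\drivers\ndis.sys:
Verified: Unsigned
Publisher: n/a
Description: n/a
Version: n/a
"""
DLLCACHE = r"""c:\windows\system32\dllcache\ndis.sys:
Verified: Unsigned
Publisher: Microsoft Corporation
Description: NDIS 5.1 wrapper driver
Version: 5.1.2600.5512
"""
REFERENCE = r"""c:\windows\system32\drivers\ndis.sys:
Verified: Signed
Publisher: Microsoft Corporation
Description: NDIS 5.1 wrapper driver
Version: 5.1.2600.5512
"""
RESTORED = "No matching files were found.\n"

PATH_LINE = re.compile(r"^[A-Za-z]:\\.*:$")        # "c:\...\file.sys:" opens a block
FIELD = re.compile(r"^\s*([A-Za-z ]+):\s*(.*)$")   # "Verified: Unsigned"


def parse_sigcheck(text):
    """Return one dict per file block: {'path': ..., 'Verified': ..., ...}."""
    records, current = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if PATH_LINE.match(line):
            current = {"path": line[:-1].lower()}
            records.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).strip()
    return records


def triage(text, unsigned_only=False):
    """Classify sigcheck output; unsigned_only=True means -u was on the command line."""
    if "No matching files were found" in text:
        # With -u only unsigned files are listed, so a signed file (or a wrong
        # path) yields this message; rerunning without -u tells the two apart.
        return [("(no file listed)", "rerun-without-u" if unsigned_only else "not-found")]
    verdicts = []
    for rec in parse_sigcheck(text):
        meta = [rec.get(k, "n/a") for k in ("Publisher", "Description", "Version")]
        if rec.get("Verified") == "Signed":
            verdict = "signed"
        elif all(value == "n/a" for value in meta):
            verdict = "unsigned-no-version-info"     # the drivers\ndis.sys case
        else:
            verdict = "unsigned-with-version-info"   # the dllcache\ndis.sys case
        verdicts.append((rec["path"], verdict))
    return verdicts


if __name__ == "__main__":
    for label, text, u in (("drivers", DRIVERS, True), ("dllcache", DLLCACHE, True),
                           ("reference", REFERENCE, False), ("restored", RESTORED, True)):
        for path, verdict in triage(text, unsigned_only=u):
            print(f"{label:10} {verdict:28} {path}")
```
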