GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-24 20:56:40
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: gmer.exe; Driver: C:\Users\Patrycja\AppData\Local\Temp\fwtdakob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8A75ADAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8A75CFE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8A75D262]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8A75D4D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8A75B6BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8A75C4F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8A75CA3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8A75B99A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8A75C922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8A75A998]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8A75C7F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8A75AB40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8A75CB5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8A75B344]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8A75B442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x8A75D722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8A75C88C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8A75E24A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x8A75BE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8A75F458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8A75BC2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8A75E33C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8A75EAA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8A75CAD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8A75B740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8A75C9B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8A75AFE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8A75E83E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8A75CBF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8A75AED8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8A75D7DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8A75EDDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8A75E6D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x8A759652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8A75CF56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8A75CE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8A75DFE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x8A7599CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8A75F2FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x8A7595EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8A75C238]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8A75B560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8A75D87E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8A75E4DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8A75EF2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8A75F020]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8A75F15A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8A75E16E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8A75B18E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8A75B0E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8A75EC82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8A75B27A]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C708A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C90312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1397 82C975A4 4 Bytes [AA, AD, 75, 8A] {STOSB ; LODSD ; JNZ 0xffffffffffffff8e}
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 82C975CC 8 Bytes CALL E553EBA0
.text ntoskrnl.exe!KeRemoveQueueEx + 1403 82C97610 4 Bytes [D8, D4, 75, 8A] {FCOM ST(4); JNZ 0xffffffffffffff8e}
.text ntoskrnl.exe!KeRemoveQueueEx + 142F 82C9763C 4 Bytes JMP 75B6BE82 \Windows\System32\msctf.dll (MSCTF Server DLL/Microsoft Corporation)
.text ntoskrnl.exe!KeRemoveQueueEx + 1453 82C97660 4 Bytes [F2, C4, 75, 8A]
.text ...

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] USER32.dll!NotifyWinEvent + 48B 7578F724 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] USER32.dll!NotifyWinEvent + 48B 7578F724 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00360240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 003602B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00360320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00360390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 772907F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77290860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 772909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 00B20B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77290A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B20BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00B20C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 00B20CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 77290A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77290B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00370160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 003701D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00370240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00370320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 758407F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 75840860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 758408D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 003704E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75840940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 758409B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00370B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00370B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00370BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00370C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 75840E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00370CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 75840E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75840EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 75840F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00F00010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00370D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00370DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00F00080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00F000F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00F00160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 00F001D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 003901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 003902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00F10400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00F10470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00F104E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00F10550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00F105C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00F10630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003908D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00390940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 003909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00390A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 77290080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 77290010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77290010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77290080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77290080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77290010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 77290010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 77290080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 75840010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 758400F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 75840160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75840240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 758401D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 77290320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75840240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 772901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 75840160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 75840010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 75840080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1556] @ C:\windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 758400F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00380240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 003802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00380320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00380390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 772907F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77290860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 772909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 01B40B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77290A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01B40BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 01B40C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 01B40CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 77290A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77290B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00390160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 003901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00390240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00390320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 758407F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 75840860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 758408D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 003904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75840940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 758409B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00390B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00390B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00390BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00390C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 75840E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00390CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 75840E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75840EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 75840F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 01C60010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00390D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00390DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01C60080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 01C600F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 01C60160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 01C601D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 003C01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 003C02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 01CB0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 01CB0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 01CB04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 01CB0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 01CB05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01CB0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003C08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 003C0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 003C09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 003C0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77290010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77290080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77290080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[3328] @ C:\windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77290010

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- EOF - GMER 1.0.15 ----