GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-22 17:07:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950056 rev.SD24 465,76GB
Running: cffn59ef.exe; Driver: C:\Users\Misa\AppData\Local\Temp\kftciaog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000779dfaa8 5 bytes JMP 0000000174e519b0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0038 5 bytes JMP 0000000174e52066
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[3148] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076101465 2 bytes [10, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[3148] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000761014bb 2 bytes [10, 76]
.text ... * 2
.text C:\Windows\AsScrPro.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076101465 2 bytes [10, 76]
.text C:\Windows\AsScrPro.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761014bb 2 bytes [10, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076101465 2 bytes [10, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761014bb 2 bytes [10, 76]
.text ... * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880034dbea4] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [2792:5420] 000007fefb2c9688

---- EOF - GMER 2.1 ----