GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-20 19:28:32 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1600AAJS-00PSA0 rev.05.06H05 149,05GB Running: yglfqjeg.exe; Driver: C:\DOCUME~1\UŻYTKO~1\USTAWI~1\Temp\afxyqkoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0xB45E7A7E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0xB458340C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0xB459A5F8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0xB4583984] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0xB458386A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0xB459A91E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateProcess [0xB45E9A80] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateProcessEx [0xB45E9C9C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0xB45EABC2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0xB4583AA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0xB45EA1C0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0xB459A9EC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0xB45E9926] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeleteKey [0xB4594674] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeleteValueKey [0xB4595E5C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0xB4583450] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0xB45E7BC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwEnumerateKey [0xB4595668] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwEnumerateValueKey [0xB4595FFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0xB45E7828] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadKey [0xB45951AC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadKey2 [0xB4595404] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0xB45EA9BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0xB4598DB0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0xB4583A1A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0xB45838FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0xB45E9466] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0xB45EAE6E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0xB4583B3A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0xB45E9EBC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryKey [0xB45944A8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryMultipleValueKey [0xB4595C6A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0xB4598FBE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryValueKey [0xB4595A5E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0xB45EA86E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRenameKey [0xB4594788] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplaceKey [0xB4594DFA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0xB459AC2C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0xB459AABA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0xB459AB70] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0xB459AC9C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRestoreKey [0xB4595000] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0xB45EA598] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveKey [0xB459492C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveKeyEx [0xB4594AC2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveMergedKeys [0xB4594C5E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0xB459A786] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0xB45EA6F6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0xB4583BC4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0xB45E7932] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetValueKey [0xB4595828] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0xB45E966E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0xB45EA440] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0xB4583BD6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0xB45E97CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0xB45EA0BC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0xB45EAFD6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0xB45EAD00] Code B876547C ZwRequestPort Code B876547B NtRequestPort ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2450 80501CAC 2 Bytes [7E, 7A] {JLE 0x7c} .text ntkrnlpa.exe!ZwCallbackReturn + 24A0 80501CFC 2 Bytes [F8, A5] {CLC ; MOVSD } .text ntkrnlpa.exe!ZwCallbackReturn + 24DC 80501D38 2 Bytes [1E, A9] .text ntkrnlpa.exe!ZwCallbackReturn + 24DF 80501D3B 9 Bytes [B4, 80, 9A, 5E, B4, 9C, 9C, ...] {MOV AH, 0x80; CALL FAR 0xb45e:0x9c9cb45e} .text ntkrnlpa.exe!ZwCallbackReturn + 2504 80501D60 2 Bytes [EC, A9] .text ... PAGE ntkrnlpa.exe!NtRequestPort 80597FA4 5 Bytes JMP B8765480 .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70EC380, 0x3DF295, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 10, DB, 00] {SUB [EAX], DL; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 13, DB, 00] {SUB [EBX], DL; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 10, DB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 11, DB, 00] {TEST AL, 0x11; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B12A .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 12, DB, 00] {TEST AL, 0x12; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 11, DB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 12, DB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B19B .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 10, DB, 00] {TEST AL, 0x10; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B2C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 11, DB, 00] {SUB [ECX], DL; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 12, DB, 00] {SUB [EDX], DL; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 13, DB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[288] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 24, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 27, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 24, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 25, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC3E .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 26, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 25, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 26, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ECAF .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 24, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDDD .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 25, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 26, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 27, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[320] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1800] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6CA4209E C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1800] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1800] C:\WINDOWS\system32\ole32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1800] USER32.dll!AlignRects 7E362A78 4 Bytes [BB, 30, A4, 6C] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 08, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0B, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 08, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 09, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91BE22 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0A, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 09, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0A, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91BE93 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 08, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91BFC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 09, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0A, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0B, E8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2592] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6CA4209E C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2592] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2592] C:\WINDOWS\system32\ole32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2592] USER32.dll!AlignRects 7E362A78 4 Bytes [BB, 30, A4, 6C] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 10, C4, 01] {SBB [EAX], DL; LES EAX, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip kltdi.sys Device \Driver\afxyqkoc \Device\afxyqkoc afxyqkoc.sys AttachedDevice \Driver\Tcpip \Device\Tcp {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys AttachedDevice \Driver\Tcpip \Device\Udp {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys AttachedDevice \Driver\Tcpip \Device\RawIp kltdi.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----