GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-09-08 10:24:09 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000062 STM33204 rev.CC38 Running: qgjsz1bh.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\kwddykog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9486228A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x9487C342] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x9487C678] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x9487C9EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x94862D04] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9487C02A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x94863276] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x94863164] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x9487C4E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x94862046] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9486338E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x948628BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x94862A2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x948634A6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif 
Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x9487C5B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x9486374E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x94862D46] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x94864750] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x94863840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x94863DAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x9487A840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x94863308] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x948631F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x948624C4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x94863B90] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x94863420] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x948623B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x9486355C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x9487AA38] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x948640D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x948639E0] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x9487C7DC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9487C72A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x9487C848] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x948645F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x9487C1B2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x94862BA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x948635FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x94864222] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x94864316] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x94864450] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x94863670] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x94862664] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x948625BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x94863F8A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x94862750] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 82A88349 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AC1D52 19 Bytes [E0, 
0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82AC8D8C 4 Bytes [8A, 22, 86, 94] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82AC8DB4 8 Bytes [42, C3, 87, 94, 78, C6, 87, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82AC8DF8 4 Bytes [EE, C9, 87, 94] .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82AC8E24 4 Bytes [04, 2D, 86, 94] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82AC8E48 4 Bytes [2A, C0, 87, 94] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x95C26000, 0x396C95, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] ntdll.dll!NtProtectVirtualMemory 77D95F18 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] USER32.dll!NotifyWinEvent + 6AE 7629D66C 4 Bytes [E0, 13, 54, 67] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] ntdll.dll!NtProtectVirtualMemory 77D95F18 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] USER32.dll!NotifyWinEvent + 6AE 7629D66C 4 Bytes [E0, 13, 54, 67] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + 6 77D955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + B 77D955D3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + 6 77D95C2E 1 Byte [28] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + 6 77D95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + B 77D95C33 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + 6 77D95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + B 77D95CE3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + 6 77D95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + B 77D95D93 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessToken + 6 77D95D9E 4 Bytes CALL 76D964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessToken + B 77D95DA3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] 
ntdll.dll!NtOpenProcessTokenEx + 6 77D95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + B 77D95DB3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + 6 77D95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + B 77D95E13 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + 6 77D95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + B 77D95E23 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadTokenEx + 6 77D95E2E 4 Bytes CALL 76D96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadTokenEx + B 77D95E33 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + 6 77D95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + B 77D95F43 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryFullAttributesFile + 6 77D95FEE 4 Bytes CALL 76D966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryFullAttributesFile + B 77D95FF3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + 6 77D9663E 4 Bytes [28, 01, 07, 00] .text 
C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + B 77D96643 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + 6 77D9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + B 77D966A3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + 6 77D969BE 1 Byte [68] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + 6 77D969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + B 77D969C3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtCreateFile + 6 77D955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtCreateFile + B 77D955D3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + 6 77D95C2E 1 Byte [28] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + 6 77D95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + B 77D95C33 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenFile + 6 77D95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenFile + B 77D95CE3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcess + 6 77D95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] 
ntdll.dll!NtOpenProcess + B 77D95D93 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessToken + 6 77D95D9E 4 Bytes CALL 76D964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessToken + B 77D95DA3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessTokenEx + 6 77D95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessTokenEx + B 77D95DB3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThread + 6 77D95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThread + B 77D95E13 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadToken + 6 77D95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadToken + B 77D95E23 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadTokenEx + 6 77D95E2E 4 Bytes CALL 76D96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadTokenEx + B 77D95E33 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryAttributesFile + 6 77D95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryAttributesFile + B 77D95F43 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] 
ntdll.dll!NtQueryFullAttributesFile + 6 77D95FEE 4 Bytes CALL 76D966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryFullAttributesFile + B 77D95FF3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationFile + 6 77D9663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationFile + B 77D96643 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationThread + 6 77D9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationThread + B 77D966A3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + 6 77D969BE 1 Byte [68] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + 6 77D969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + B 77D969C3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + 6 77D955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + B 77D955D3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + 6 77D95C2E 1 Byte [28] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + 6 77D95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + B 77D95C33 1 Byte [E2] .text 
C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + 6 77D95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + B 77D95CE3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + 6 77D95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + B 77D95D93 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessToken + 6 77D95D9E 4 Bytes CALL 76D964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessToken + B 77D95DA3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + 6 77D95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + B 77D95DB3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + 6 77D95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + B 77D95E13 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + 6 77D95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + B 77D95E23 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadTokenEx + 6 77D95E2E 4 Bytes CALL 76D96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text 
C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadTokenEx + B 77D95E33 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + 6 77D95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + B 77D95F43 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryFullAttributesFile + 6 77D95FEE 4 Bytes CALL 76D966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryFullAttributesFile + B 77D95FF3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + 6 77D9663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + B 77D96643 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + 6 77D9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + B 77D966A3 1 Byte [E2] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + 6 77D969BE 1 Byte [68] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + 6 77D969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + B 77D969C3 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF05F8 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF073C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky 
Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[800] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet 
Security 2012\avp.exe[800] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF073C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ 
C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2012\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky 
Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky 
Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001b10002aec Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001b10002aec@3c8bfe1fb512 0xAD 0x94 0x50 0xA7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001b10002aec@0026e2113b88 0xB2 0x45 0xAF 0xFB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001b10002aec (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001b10002aec@3c8bfe1fb512 0xAD 0x94 0x50 0xA7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001b10002aec@0026e2113b88 0xB2 0x45 0xAF 0xFB ... ---- EOF - GMER 1.0.15 ----