GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-12-11 10:30:27 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVS-22UST0 rev.01.01A01 Running: icoh8v96.exe; Driver: C:\Users\Slawek\AppData\Local\Temp\pwkoipod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8F263992] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8F2653FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8F265674] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8F2658E6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8F2642AA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8F264A52] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8F264E4E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8F2644C8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8F264D34] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8F263582] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8F264C08] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8F26372A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8F264F6E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8F263F32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8F264030] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8F264C9E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8F266596] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8F267716] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8F264694] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8F266688] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8F266D62] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8F264EE4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8F264336] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8F264DC4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8F263BDC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8F266AFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8F265004] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8F263AD0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8F265B30] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8F26709C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8F26698E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8F265368] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8F26522E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8F266330] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8F2675B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8F26479C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8F26414C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8F265BD2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8F266790] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8F2671EC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8F2672DE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8F267418] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8F2664BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8F263D7C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8F263CD2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8F266F40] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8F263E68] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C8D599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 220 82CB9730 4 Bytes [92, 39, 26, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 248 82CB9758 8 Bytes [FA, 53, 26, 8F, 74, 56, 26, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 28C 82CB979C 4 Bytes [E6, 58, 26, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82CB97C8 4 Bytes CALL A90E424F .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82CB97EC 4 Bytes [52, 4A, 26, 8F] .text ... ? System32\Drivers\spmo.sys System nie może odnaleźć określonej ścieżki. ! .text USBPORT.SYS!DllUnload 90B28CA0 5 Bytes JMP 865642D8 .text azzvtaeq.SYS 91227000 12 Bytes [44, 88, C1, 82, EE, 86, C1, ...] .text azzvtaeq.SYS 9122700D 9 Bytes [67, C1, 82, 48, 8B, C1, 82, ...] {ROL DWORD [BP+SI-0x74b8], 0xc1; ADD BYTE [EAX], 0x0} .text azzvtaeq.SYS 91227017 170 Bytes [00, DE, 97, F2, 83, E6, 95, ...] .text azzvtaeq.SYS 912270C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text azzvtaeq.SYS 912270CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL} .text ... .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9ADFB300, 0x1B7E, 0xE8000020] ? C:\Users\Slawek\AppData\Local\Temp\ALSysIO.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1848] kernel32.dll!SetUnhandledExceptionFilter 768C3162 4 Bytes JMP 630A8FA9 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation) .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1848] ole32.dll!OleLoadFromStream 75605BF6 5 Bytes JMP 635E86A0 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation) ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] USER32.dll!NotifyWinEvent + 48B 7530F724 4 Bytes [70, 11, 46, 6C] {JO 0x13; INC ESI; INSB } ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] USER32.dll!NotifyWinEvent + 48B 7530F724 4 Bytes [70, 11, 46, 6C] {JO 0x13; INC ESI; INSB } .text C:\Program Files\PeerBlock\peerblock.exe[2920] kernel32.dll!SetUnhandledExceptionFilter 768C3162 5 Bytes JMP 0122B280 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83E2D042] \SystemRoot\System32\Drivers\spmo.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [83E2D6D6] \SystemRoot\System32\Drivers\spmo.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [83E2D800] \SystemRoot\System32\Drivers\spmo.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [83E2D13E] \SystemRoot\System32\Drivers\spmo.sys IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortNotification] 00147880 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortStallExecution] C25DC033 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortInitialize] 157B805E IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500 IAT \SystemRoot\System32\Drivers\azzvtaeq.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00750240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 007502B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00750320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00750390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00750A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00750B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00750B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00750BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 76950D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 76950DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00750C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 76950E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 76950E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 76950EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 76950F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00CF0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 00CF0080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00CF00F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 00CF0160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00CF01D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00750CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00750D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00CF0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00CF02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00CF0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00CF0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00CF0400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00CF0470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 00CF04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00750F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 76FD05C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 76FD0630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 76FD0710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00CF07F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00CF0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00CF08D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00CF0940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00CF09B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00CF0A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00CF0A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 76FD08D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00CF0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00CF0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 00CF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 76FD0A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 76FD0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 00C400F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00D00470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00D004E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00D00550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00C40160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 00C40240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00D005C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00D00630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00D006A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00D00710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00D00780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00D007F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00D00860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00D008D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00D00940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00D009B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00D00A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 00C40E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 00C40E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 00C50010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 01020E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 00C50080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01020E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 01020EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 01020F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 01030010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 01030080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 010300F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 01030160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00C60A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 00C60A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00C60B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01050860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 010508D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 76FD0080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 76FD0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 76FD0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 76FD0080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 76FD0080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 76FD0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 76FD0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 76FD0080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 76950400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 769500F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 769502B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 76950320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 769505C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 76FD02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 769504E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 769505C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 76950470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 76950320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 76950390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 769500F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 769501D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 769502B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 76950160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 76FD01D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1920] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 76950240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 011C0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 011C02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 011C0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 011C0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 011C0A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 011C0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 011C0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 011C0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 76950D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 76950DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 011C0C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 76950E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 76950E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 76950EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 76950F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 022D0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 022D0080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 022D00F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 022D0160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 022D01D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 011C0CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 011C0D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 022D0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 022D02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 022D0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 022D0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 022D0400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 022D0470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 022D04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 011C0F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 76FD05C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 76FD0630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 76FD0710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 022D07F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 022D0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 022D08D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 022D0940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 022D09B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 022D0A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 022D0A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 76FD08D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 022D0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 022D0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 022D0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 76FD0A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 76FD0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 011D00F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 022E0470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 022E04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 022E0550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 011D0160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 011D0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 022E05C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 022E0630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 022E06A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 022E0710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 022E0780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 022E07F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 022E0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 022E08D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 022E0940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 022E09B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 022E0A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 011D0E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 011D0E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 011E0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 022F0E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 011E0080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 022F0E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 022F0EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 022F0F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 02300010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 02300080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 023000F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 02300160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 016D0A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 016D0A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 016D0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 02320860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 023208D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 76FD0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 76FD0080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 76FD0080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2060] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 76FD0010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8564C1F8 Device \Driver\volmgr \Device\VolMgrControl 856671F8 Device \Driver\usbuhci \Device\USBPDO-0 869B21F8 Device \Driver\usbuhci \Device\USBPDO-1 869B21F8 Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbehci \Device\USBPDO-2 868DD500 Device \Driver\usbuhci \Device\USBPDO-3 869B21F8 Device \Driver\usbuhci \Device\USBPDO-4 869B21F8 AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) Device \Driver\usbuhci \Device\USBPDO-5 869B21F8 Device \Driver\usbehci \Device\USBPDO-6 868DD500 Device \Driver\volmgr \Device\HarddiskVolume1 856671F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume2 856671F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 867041F8 Device \Driver\PCI_PNP1787 \Device\00000059 spmo.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 856491F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 856491F8 Device \Driver\atapi \Device\Ide\IdePort0 856491F8 Device \Driver\atapi \Device\Ide\IdePort1 856491F8 Device \Driver\atapi \Device\Ide\IdePort2 856491F8 Device \Driver\atapi \Device\Ide\IdePort3 856491F8 Device \Driver\atapi \Device\Ide\IdePort4 856491F8 Device \Driver\msahci \Device\Ide\PciIde1Channel0 8564A1F8 Device \Driver\msahci \Device\Ide\PciIde1Channel1 8564A1F8 Device \Driver\msahci \Device\Ide\PciIde1Channel2 8564A1F8 Device \Driver\cdrom \Device\CdRom1 867041F8 Device \Driver\cdrom \Device\CdRom2 867041F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{55CA2B6E-B05C-44C1-BB25-FD30AD54E208} 8685B500 Device \Driver\NetBT \Device\NetBt_Wins_Export 8685B500 AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) Device \Driver\usbuhci \Device\USBFDO-0 869B21F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{B0470ECD-1242-4EFA-A1E5-8819D0CF8455} 8685B500 Device \Driver\usbuhci \Device\USBFDO-1 869B21F8 Device \Driver\sptd \Device\1218221793 spmo.sys Device \Driver\usbehci \Device\USBFDO-2 868DD500 Device \Driver\usbuhci \Device\USBFDO-3 869B21F8 Device \Driver\usbuhci \Device\USBFDO-4 869B21F8 Device \Driver\usbuhci \Device\USBFDO-5 869B21F8 Device \Driver\usbehci \Device\USBFDO-6 868DD500 Device \Driver\azzvtaeq \Device\Scsi\azzvtaeq1Port6Path0Target0Lun0 866E21F8 Device \Driver\azzvtaeq \Device\Scsi\azzvtaeq1 866E21F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0xAC 0x8D 0x84 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x22 0xA2 0x61 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0x25 0x04 0x0F ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x53 0x09 0x9F 0xAB ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0xAC 0x8D 0x84 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x22 0xA2 0x61 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0x25 0x04 0x0F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x53 0x09 0x9F 0xAB ... ---- Files - GMER 1.0.15 ---- File C:\Users\Slawek\AppData\Local\Opera\Opera\cache\sesn\opr01EWS.tmp 32238 bytes File C:\Users\Slawek\AppData\Local\Opera\Opera\cache\sesn\opr01EWT.tmp 32283 bytes ---- EOF - GMER 1.0.15 ----