GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-28 13:45:05 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD503HI rev.1AJ10001 Running: ciqt8ys5.exe; Driver: C:\Users\MAYSZ~1\AppData\Local\Temp\ugrdrpod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x91A7D0C2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x91A30D66] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x91A310AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x91A314F4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91A1979E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x91A30A40] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x91A19D16] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x91A19BFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x91A30F12] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x91A7FF2C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x91A19E36] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x91A40B10] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x91A7F3C4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91A7F604] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x91A7F068] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x91A30FE0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x91A7EF0E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x91A197E2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x91A7D204] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91A7CE6C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x91A40B30] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x91A2F1D0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x91A19DAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x91A19C8C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x91A7EAB6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91A801D8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x91A19ECC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x91A7F120] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwPlugPlayControl [0x91A40B20] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x91A19F56] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x91A2F3DE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x91A7FBDA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x91A312D8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x91A31166] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePortEx [0x91A3121C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x91A31348] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x91A7F906] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x91A30BCE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91A7FA62] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x91A19FF8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x91A7CF76] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x91A7EC56] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x91A7F7AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x91A1A00A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91A7EDB6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x91A7F2C0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x91A80340] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91A8006A] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83044839 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830693F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 220 83070BB0 4 Bytes [C2, D0, A7, 91] {RET 0xa7d0; XCHG ECX, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 248 83070BD8 8 Bytes [66, 0D, A3, 91, AE, 10, A3, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 28C 83070C1C 4 Bytes [F4, 14, A3, 91] {HLT ; ADC AL, 0xa3; XCHG ECX, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 2B8 83070C48 4 Bytes [9E, 97, A1, 91] .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 83070C6C 4 Bytes [40, 0A, A3, 91] .text ... ? System32\Drivers\spos.sys System nie może odnaleźć określonej ścieżki. ! PAGE ataport.SYS!DllUnload + 1 8C9DDAD7 4 Bytes JMP 8613E1D9 .text USBPORT.SYS!DllUnload 9219BCA0 5 Bytes JMP 874EA1D8 .text aa99vn7c.SYS 98879000 12 Bytes [44, 78, 41, 83, EE, 76, 41, ...] .text aa99vn7c.SYS 9887900D 9 Bytes [57, 41, 83, 48, 7B, 41, 83, ...] {PUSH EDI; INC ECX; OR DWORD [EAX+0x7b], 0x41; ADD DWORD [EAX], 0x0} .text aa99vn7c.SYS 98879017 111 Bytes [00, DE, 47, 31, 84, E6, 45, ...] .text aa99vn7c.SYS 98879087 58 Bytes [83, F6, BB, 06, 83, DC, 83, ...] .text aa99vn7c.SYS 988790C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text ... .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA075C000, 0xBB22, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA0770300, 0x1BEE, 0xE8000020] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A1D9E000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A1D9E123 629 Bytes [95, D9, A1, FE, 05, 34, 95, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 A1D9E399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F A1D9E3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B A1D9E4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] ntdll.dll!NtProtectVirtualMemory 77245000 5 Bytes JMP 72291A54 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: rpchttp.dllunknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] user32.dll!NotifyWinEvent + 48B 76CDF724 4 Bytes [53, 2A, 29, 72] ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] ntdll.dll!NtProtectVirtualMemory 77245000 5 Bytes JMP 72291A54 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: rpchttp.dllunknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] user32.dll!NotifyWinEvent + 48B 76CDF724 4 Bytes [53, 2A, 29, 72] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [84218042] \SystemRoot\System32\Drivers\spos.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [842186D6] \SystemRoot\System32\Drivers\spos.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [84218800] \SystemRoot\System32\Drivers\spos.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8421813E] \SystemRoot\System32\Drivers\spos.sys IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortNotification] [00147880] \Windows\System32\autochk.exe (Auto Check Utility/Microsoft Corporation) IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortStallExecution] C25DC033 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortInitialize] 157B805E IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500 IAT \SystemRoot\System32\Drivers\aa99vn7c.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E224FA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E0565B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E05719] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E22575] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E185D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E14D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E15134] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E15209] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73E16736] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E18330] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E1887F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E190E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E1E283] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E14CBF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 7DFE01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlSizeHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\user32.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\user32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\user32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtTerminateProcess] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\netapi32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1696] @ C:\Windows\system32\netapi32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 7DFE01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlSizeHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\user32.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\user32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\user32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtTerminateProcess] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0F40 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2688] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2864] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [752E5E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [752E5E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2864] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [752E5E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2864] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [752E5E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2864] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [752E5E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2864] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [752E5E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 861441F8 Device \Driver\volmgr \Device\VolMgrControl 861401F8 Device \Driver\usbohci \Device\USBPDO-0 876411F8 Device \Driver\usbehci \Device\USBPDO-1 876421F8 Device \Driver\usbohci \Device\USBPDO-2 876411F8 Device \Driver\PCI_PNP2408 \Device\00000053 spos.sys Device \Driver\usbehci \Device\USBPDO-3 876421F8 Device \Driver\usbohci \Device\USBPDO-4 876411F8 Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys (Network filtering component/Kaspersky Lab) Device \Driver\usbohci \Device\USBPDO-5 876411F8 Device \Driver\usbehci \Device\USBPDO-6 876421F8 Device \Driver\volmgr \Device\HarddiskVolume1 861401F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume2 861401F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 872181F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 861421F8 Device \Driver\atapi \Device\Ide\IdePort0 861421F8 Device \Driver\atapi \Device\Ide\IdePort1 861421F8 Device \Driver\atapi \Device\Ide\IdePort2 861421F8 Device \Driver\atapi \Device\Ide\IdePort3 861421F8 Device \Driver\atapi \Device\Ide\IdePort4 861421F8 Device \Driver\atapi \Device\Ide\IdePort5 861421F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 861421F8 Device \Driver\volmgr \Device\HarddiskVolume3 861401F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom1 872181F8 Device \Driver\volmgr \Device\HarddiskVolume4 861401F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume5 861401F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\00000083 AD2F71F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8733F1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{83489CD9-55FF-4729-AE5A-CD914F26E6EC} 8733F1F8 Device \Driver\USBSTOR \Device\00000084 AD2F71F8 AttachedDevice \Driver\tdx \Device\Udp kltdi.sys (Network filtering component/Kaspersky Lab) AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys (Network filtering component/Kaspersky Lab) Device \Driver\usbohci \Device\USBFDO-0 876411F8 Device \Driver\sptd \Device\2479340415 spos.sys Device \Driver\usbehci \Device\USBFDO-1 876421F8 Device \Driver\usbohci \Device\USBFDO-2 876411F8 Device \Driver\usbehci \Device\USBFDO-3 876421F8 Device \Driver\usbohci \Device\USBFDO-4 876411F8 Device \Driver\usbohci \Device\USBFDO-5 876411F8 Device \Driver\usbehci \Device\USBFDO-6 876421F8 Device \Driver\aa99vn7c \Device\Scsi\aa99vn7c1 8744A500 Device \Driver\aa99vn7c \Device\Scsi\aa99vn7c1Port6Path0Target0Lun0 8744A500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0xC0 0xC6 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA7 0xD4 0x63 0xD0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0xCA 0x28 0xF5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x30 0x2A 0x48 0xCC ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0xC0 0xC6 0x08 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA7 0xD4 0x63 0xD0 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0xCA 0x28 0xF5 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x30 0x2A 0x48 0xCC ... ---- Files - GMER 1.0.15 ---- File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001E\opr00FO7.tmp 70861 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001E\opr00FO9.tmp 110642 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001E\opr00FOE.tmp 101614 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001E\opr00FOF.tmp 96330 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001E\opr00FOG.tmp 172557 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001E\opr00FOS.tmp 1025164 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001E\opr00FOT.tmp 98781 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001E\opr00FOX.tmp 38942 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001E\opr00FP2.tmp 47431 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001E\opr00FP8.tmp 26247 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001F\opr00FPT.tmp 38333 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001F\opr00FPD.tmp 63608 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001F\opr00FQE.tmp 61712 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001F\opr00FQP.tmp 34976 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001F\opr00FR7.tmp 2059 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001F\opr00FRL.tmp 3057 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001F\opr00FRU.tmp 3543 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_001F\opr00FS5.tmp 50926 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FUE.tmp 2938 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FT2.tmp 2203 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FT8.tmp 2253 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FTB.tmp 51185 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FTC.tmp 6497 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FTN.tmp 2145 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FTO.tmp 44286 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FTR.tmp 6529 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FUG.tmp 13804 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FUO.tmp 2814 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FVG.tmp 14834 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0020\opr00FW1.tmp 26074 bytes File C:\Users\Małysz\AppData\Local\Opera\Opera\cache\g_0021\opr00FY2.tmp 11582 bytes File C:\Users\Małysz\AppData\Roaming\BITS\Torrent\20121028114310.torrent 21689 bytes File C:\Users\Małysz\AppData\Roaming\BITS\Torrent\20121028114317.torrent.filelist 1490 bytes File C:\Users\Małysz\AppData\Roaming\BITS\Torrent\20121028114325.torrent 54055 bytes File C:\Users\Małysz\AppData\Roaming\BITS\Torrent\20121028114332.torrent.filelist 666 bytes File C:\Users\Małysz\AppData\Roaming\BITS\Torrent\20121028114340.torrent 16686 bytes ---- EOF - GMER 1.0.15 ----