GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-06 18:09:03
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3250620A rev.3.AAE
Running: gmer.exe; Driver: C:\Users\kuba\AppData\Local\Temp\aftcaaog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackTransaction + 13E9  81C4A599 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  81C6F092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[316] USER32.dll!SetWindowLongA  763FB1E3 5 Bytes  JMP 6DFA003B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[316] USER32.dll!SetWindowLongW  76406614 5 Bytes  JMP 6DF9FFCA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[316] USER32.dll!GetWindowInfo  76406A82 5 Bytes  JMP 6DD7AEF3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[316] USER32.dll!TrackPopupMenu  76424B3B 5 Bytes  JMP 6DD7B50D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateFile + 6  77B846B6 4 Bytes  [28, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateFile + B  77B846BB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateKey + 6  77B846F6 4 Bytes  [68, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateKey + B  77B846FB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateMutant + 6  77B84736 4 Bytes  [68, 02, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateMutant + B  77B8473B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateSection + 6  77B847D6 4 Bytes  [A8, 02, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateSection + B  77B847DB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtMapViewOfSection + 6  77B84D16 4 Bytes  CALL 76B8541F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtMapViewOfSection + B  77B84D1B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenFile + 6  77B84DC6 4 Bytes  [68, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenFile + B  77B84DCB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenKey + 6  77B84DF6 4 Bytes  [A8, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenKey + B  77B84DFB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenKeyEx + 6  77B84E06 4 Bytes  CALL 76B8550C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenKeyEx + B  77B84E0B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenMutant + 6  77B84E46 4 Bytes  [28, 02, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenMutant + B  77B84E4B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenProcess + 6  77B84E76 1 Byte  [68]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenProcess + 6  77B84E76 4 Bytes  [68, 03, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenProcess + B  77B84E7B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenProcessToken + 6  77B84E86 1 Byte  [A8]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenProcessToken + 6  77B84E86 4 Bytes  [A8, 03, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenProcessToken + B  77B84E8B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenProcessTokenEx + 6  77B84E96 4 Bytes  [68, 04, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenProcessTokenEx + B  77B84E9B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenSection + 6  77B84EB6 4 Bytes  CALL 76B855BD C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenSection + B  77B84EBB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenThread + 6  77B84EF6 1 Byte  [28]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenThread + 6  77B84EF6 4 Bytes  [28, 03, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenThread + B  77B84EFB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenThreadToken + 6  77B84F06 4 Bytes  [28, 04, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenThreadToken + B  77B84F0B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenThreadTokenEx + 6  77B84F16 4 Bytes  [A8, 04, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenThreadTokenEx + B  77B84F1B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtQueryAttributesFile + 6  77B85026 4 Bytes  [A8, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtQueryAttributesFile + B  77B8502B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtQueryFullAttributesFile + 6  77B850D6 4 Bytes  CALL 76B857DB C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtQueryFullAttributesFile + B  77B850DB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtSetInformationFile + 6  77B85726 4 Bytes  [28, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtSetInformationFile + B  77B8572B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtSetInformationThread + 6  77B85786 1 Byte  [E8]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtSetInformationThread + 6  77B85786 4 Bytes  CALL 76B85E8E C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtSetInformationThread + B  77B8578B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtUnmapViewOfSection + 6  77B85AA6 4 Bytes  [28, 05, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtUnmapViewOfSection + B  77B85AAB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] kernel32.dll!CreateProcessW  7607202D 5 Bytes  JMP 00010030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] kernel32.dll!CreateProcessA  76072062 5 Bytes  JMP 00010070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SelectObject  772461D0 5 Bytes  JMP 003105F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SetTextColor  77246622 5 Bytes  JMP 003109F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SetBkMode  772466CD 5 Bytes  JMP 003108B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!DeleteObject  772468B4 5 Bytes  JMP 003101B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!DeleteDC  77246A2C 5 Bytes  JMP 00310170
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!ExtSelectClipRgn  77246C72 5 Bytes  JMP 003102F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SelectClipRgn  77246D84 5 Bytes  JMP 003105B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetDeviceCaps  77246E03 5 Bytes  JMP 003103B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SetStretchBltMode  772473CE 5 Bytes  JMP 00310670
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetCurrentObject  7724777C 5 Bytes  JMP 00310370
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetTextMetricsW  7724798F 5 Bytes  JMP 00310DF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!IntersectClipRect  77247CCA 5 Bytes  JMP 003103F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetTextAlign  77247D15 5 Bytes  JMP 00310D30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SetTextAlign  77247F92 5 Bytes  JMP 003109B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!ExtTextOutW  77248053 5 Bytes  JMP 00310930
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetClipBox  772481F2 5 Bytes  JMP 00310330
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!MoveToEx  77248A16 5 Bytes  JMP 00310470
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!CreateDCA  77249975 5 Bytes  JMP 003100B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!RestoreDC  77249A10 5 Bytes  JMP 00310530
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SaveDC  77249AD2 5 Bytes  JMP 00310570
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!StretchDIBits  7724AC38 5 Bytes  JMP 00310730
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetTextFaceW  7724B4CC 5 Bytes  JMP 00310CF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetTextExtentPoint32W  7724B535 5 Bytes  JMP 00310630
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetFontData  7724B8E8 5 Bytes  JMP 00310C30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!CreateDCW  7724BD21 5 Bytes  JMP 003100F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!CreateICW  7724C660 5 Bytes  JMP 00310130
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!LineTo  7724CA20 5 Bytes  JMP 00310430
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SetWorldTransform  7724CB42 5 Bytes  JMP 003106B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetTextMetricsA  7724CE46 5 Bytes  JMP 00310DB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!Rectangle  7724F5BE 5 Bytes  JMP 00310970
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SetICMMode  7724F8D4 5 Bytes  JMP 00310D70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!ExtTextOutA  77250158 5 Bytes  JMP 003108F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!Escape  77250B0D 5 Bytes  JMP 00310270
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!ExtEscape  77253472 5 Bytes  JMP 003102B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetTextFaceA  77253E49 5 Bytes  JMP 00310CB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SetPolyFillMode  77256CE1 5 Bytes  JMP 00310AF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SetMiterLimit  77256E54 5 Bytes  JMP 00310B30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!ResetDCW  7726031C 5 Bytes  JMP 00310A70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!EndPage  772607CD 5 Bytes  JMP 00310230
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!GetGlyphOutlineW  7726C292 5 Bytes  JMP 00310C70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!CreateScalableFontResourceW  7726E8EF 5 Bytes  JMP 00310B70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!AddFontResourceW  7726ECEB 5 Bytes  JMP 00310BB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!RemoveFontResourceW  7726F1E1 5 Bytes  JMP 00310BF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!AbortDoc  77274D37 5 Bytes  JMP 00310030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!EndDoc  7727517E 5 Bytes  JMP 003101F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!StartPage  77275269 5 Bytes  JMP 003106F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!StartDocW  77275BB6 5 Bytes  JMP 003107B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!BeginPath  7727635D 5 Bytes  JMP 003107F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SelectClipPath  772763B4 5 Bytes  JMP 00310AB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!CloseFigure  7727640F 5 Bytes  JMP 00310070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!EndPath  77276466 5 Bytes  JMP 00310A30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!StrokePath  77276699 5 Bytes  JMP 00310770
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!FillPath  77276726 5 Bytes  JMP 00310830
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!PolylineTo  77276B94 5 Bytes  JMP 003104F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!PolyBezierTo  77276C25 5 Bytes  JMP 003104B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!PolyDraw  77276CD7 5 Bytes  JMP 00310870
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!ActivateKeyboardLayout  763F817D 5 Bytes  JMP 003204F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!ScreenToClient  763FC1F2 7 Bytes  JMP 00320670
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!RegisterClipboardFormatA  763FE6B1 5 Bytes  JMP 003202F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!RegisterClipboardFormatW  763FEDFD 5 Bytes  JMP 003202B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!SetCursor  764052EA 5 Bytes  JMP 00320530
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!MonitorFromWindow  7640590A 7 Bytes  JMP 00320630
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!PostMessageW  76406225 5 Bytes  JMP 003205F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!IsWindowVisible  76406939 7 Bytes  JMP 003206B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetClientRect  764074B1 7 Bytes  JMP 003205B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!MapWindowPoints  76407915 5 Bytes  JMP 00320570
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetParent  76407AB3 7 Bytes  JMP 003206F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!SetClipboardData  76414979 5 Bytes  JMP 00320170
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!EmptyClipboard  76414A28 5 Bytes  JMP 00320130
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetClipboardData  76414B47 5 Bytes  JMP 00320030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!EnumClipboardFormats  76414D98 5 Bytes  JMP 003201B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetClipboardFormatNameW  76417EB2 5 Bytes  JMP 00320230
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!SetClipboardViewer  76418F4D 5 Bytes  JMP 003204B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetClipboardFormatNameA  76418F61 5 Bytes  JMP 00320270
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetOpenClipboardWindow  7641902F 1 Byte  [E9]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetOpenClipboardWindow  7641902F 5 Bytes  JMP 003203F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!ChangeClipboardChain  76423425 5 Bytes  JMP 00320430
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetTopWindow  76423A5D 7 Bytes  JMP 00320730
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!CloseClipboard  76425BA7 5 Bytes  JMP 003200B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!OpenClipboard  76425BB9 5 Bytes  JMP 00320070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!IsClipboardFormatAvailable  76425C3A 5 Bytes  JMP 003200F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetClipboardSequenceNumber  76425C4E 5 Bytes  JMP 00320330
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetClipboardOwner  76425C60 5 Bytes  JMP 00320370
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!CountClipboardFormats  76425DC9 5 Bytes  JMP 003201F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!SetCursorPos  7643C1D8 5 Bytes  JMP 00320770
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetClipboardViewer  76454B57 5 Bytes  JMP 00320470
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetPriorityClipboardFormat  76454C59 5 Bytes  JMP 003203B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ole32.dll!OleSetClipboard  77A3F2FE 5 Bytes  JMP 00330030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ole32.dll!OleIsCurrentClipboard  77A42489 5 Bytes  JMP 00330070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ole32.dll!OleGetClipboard  77A6F825 5 Bytes  JMP 003300B0
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!LdrLoadDll  77B9F425 5 Bytes  JMP 6DBFFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!MapViewOfFile  760BC05C 5 Bytes  JMP 6DEA079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!VirtualAlloc  760C0594 5 Bytes  JMP 6DEA07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1944] GDI32.dll!CreateDIBSection  772485F0 5 Bytes  JMP 6DEA0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW]  00010090
IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState]  003207D0
IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus]  00320790
IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState]  003207D0
IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]  00010090
IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW]  00010090

---- Devices - GMER 1.0.15 ----

Device  \Driver\ACPI_HAL \Device\00000045  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000100
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000100 (not active ControlSet)
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Harry Potter i Zakon Feniksa™\Usuń Harry Potter i Zakon Feniksa™.lnk  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Harry Potter i Zakon Feniksa™\Usuń Harry Potter i Zakon Feniksa™.lnk  1

---- Disk sectors - GMER 1.0.15 ----

Disk  \Device\Harddisk0\DR0  PE file @ sector 488392065

---- EOF - GMER 1.0.15 ----
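The hook entries in a log like this are hard to triage by eye, so below is an added example (editor's code, not part of GMER and not from whoever posted this log) that parses the ".text" and "IAT" lines, separates hooks GMER resolved to a module (the xul.dll hooks in plugin-container.exe and firefox.exe) from redirects into memory it could not attribute (the 0001xxxx, 0031xxxx, 0032xxxx and 0033xxxx targets in the Flash plug-in process), and decodes the raw-byte ntdll patches. It assumes the Windows 7 x86 ntdll syscall stub layout (mov eax,N ; mov edx,7FFE0300h ; call [edx] ; ret): under that layout the 4-byte patch at +6 is a new "mov edx" immediate and the [E2] at +B turns "call [edx]" into "jmp edx", so "[28, 00, 07, 00]" on NtCreateFile means a redirect to 00070028. The entries GMER prints as "CALL 76B8541F ... SHELL32.dll" at the same +6 offset are the same kind of patch whose first byte happens to be E8; the script inverts GMER's call-rel32 disassembly to recover the value actually written (000704E8 for NtMapViewOfSection), which then sits at the same 0x40 stride as its neighbours. The sample input is a constructed subset of the lines above, with the SHELL32.dll file description rendered in English; every function and variable name is the example's own.

```python
"""Triage helper for the user-mode hook lines of a GMER log (added example, not GMER code)."""
import re
from collections import defaultdict
from functools import reduce
from math import gcd

# Constructed sample: a subset of the '.text' and 'IAT' lines from the log above.
SAMPLE_LOG = r"""
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[316] USER32.dll!SetWindowLongA  763FB1E3 5 Bytes  JMP 6DFA003B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateFile + 6  77B846B6 4 Bytes  [28, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateFile + B  77B846BB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtCreateKey + 6  77B846F6 4 Bytes  [68, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenKey + 6  77B84DF6 4 Bytes  [A8, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenKeyEx + 6  77B84E06 4 Bytes  CALL 76B8550C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtMapViewOfSection + 6  77B84D16 4 Bytes  CALL 76B8541F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] ntdll.dll!NtOpenProcess + 6  77B84E76 1 Byte  [68]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] kernel32.dll!CreateProcessW  7607202D 5 Bytes  JMP 00010030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] GDI32.dll!SelectObject  772461D0 5 Bytes  JMP 003105F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetOpenClipboardWindow  7641902F 1 Byte  [E9]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] USER32.dll!GetOpenClipboardWindow  7641902F 5 Bytes  JMP 003203F0
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!LdrLoadDll  77B9F425 5 Bytes  JMP 6DBFFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
IAT    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[864] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW]  00010090
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<func>[\w.]+!\w+)(?: \+ (?P<off>[0-9A-F]+))?"
    r"\s+(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+) Bytes?\s+(?P<rest>.+)$")
REDIR_RE = re.compile(r"^(?P<kind>JMP|CALL) (?P<target>[0-9A-F]{8})(?: (?P<module>.+?)(?: \((?P<desc>[^)]*)\))?)?$")
BYTES_RE = re.compile(r"^\[(?P<bytes>[0-9A-F]{2}(?:, [0-9A-F]{2})*)\]$")
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<importer>.+?) \[(?P<func>[^\]]+)\]\s+(?P<target>[0-9A-F]{8})$")


def _base(path):
    return path.rsplit("\\", 1)[-1]


def parse_hook(line):
    """Parse one '.text' entry; None for anything else (kernel lines have no [pid] and are skipped)."""
    m = HOOK_RE.match(line)
    if not m:
        return None
    rec = {"proc": _base(m["proc"]), "func": m["func"], "off": int(m["off"], 16) if m["off"] else 0,
           "addr": int(m["addr"], 16), "size": int(m["size"]), "kind": None, "target": None,
           "module": None, "patch": None}
    r = REDIR_RE.match(m["rest"])
    if r:
        rec.update(kind=r["kind"], target=int(r["target"], 16), module=r["module"])
        return rec
    b = BYTES_RE.match(m["rest"])
    if b:
        rec.update(kind="BYTES", patch=bytes.fromhex(b["bytes"].replace(", ", "")))
        return rec
    return None


def stub_redirect(rec):
    """Recover the imm32 written at +6 of a Win7 x86 ntdll stub (assumed layout:
    mov eax,N ; mov edx,7FFE0300h ; call [edx] ; ret). The +6 patch replaces the
    'mov edx' immediate and the [E2] at +B makes 'call [edx]' into 'jmp edx'."""
    if rec["off"] != 6 or rec["size"] != 4:
        return None
    if rec["kind"] == "BYTES":
        return int.from_bytes(rec["patch"], "little")
    if rec["kind"] == "CALL":
        # GMER saw a leading E8 and disassembled the patch as 'call rel32' (the module it names is
        # just where that bogus destination lands). Invert the rel32 arithmetic to get the three
        # bytes that follow E8, then read the four bytes E8 xx xx xx as the real little-endian value.
        rel = (rec["target"] - (rec["addr"] + 5)) & 0xFFFFFFFF
        return int.from_bytes(b"\xe8" + rel.to_bytes(4, "little")[:3], "little")
    return None


def triage(log_text):
    """Split hooks into module-attributed ones and redirects into memory GMER could not attribute."""
    attributed = defaultdict(set)   # (process, hooking module) -> {hooked function}
    unbacked = defaultdict(dict)    # (process, 64 KiB region) -> {hooked function: target}
    for line in log_text.splitlines():
        iat = IAT_RE.match(line)
        if iat:
            tgt = int(iat["target"], 16)
            unbacked[(_base(iat["proc"]), tgt & 0xFFFF0000)][iat["func"]] = tgt
            continue
        rec = parse_hook(line)
        if rec is None:
            continue
        if rec["off"] == 0 and rec["kind"] in ("JMP", "CALL") and rec["module"]:
            attributed[(rec["proc"], _base(rec["module"]))].add(rec["func"])
            continue
        if rec["off"] == 6:
            tgt = stub_redirect(rec)
        elif rec["kind"] == "JMP" and rec["size"] >= 5:
            tgt = rec["target"]
        else:
            tgt = None  # 1-byte duplicates ([68], [E9]) and the +B [E2] lines carry no target
        if tgt is not None:
            unbacked[(rec["proc"], tgt & 0xFFFF0000)][rec["func"]] = tgt
    return attributed, unbacked


def stride(targets):
    """GCD of the gaps between targets; a fixed stride means one thunk table, not ad-hoc hooks."""
    ts = sorted(set(targets))
    return reduce(gcd, (b - a for a, b in zip(ts, ts[1:])), 0)


def report(log_text):
    attributed, unbacked = triage(log_text)
    out = [f"{proc}: {len(funcs)} hook(s) resolved to {mod}" for (proc, mod), funcs in sorted(attributed.items())]
    for (proc, region), hooks in sorted(unbacked.items()):
        out.append(f"{proc}: {len(hooks)} redirect(s) into unattributed region {region:08X}, stride {stride(hooks.values()):#x}")
        out.extend(f"    {func:<38} -> {tgt:08X}" for func, tgt in sorted(hooks.items()))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running it prints one summary line per (process, module) for attributed hooks and one per (process, 64 KiB region) for the rest, with the decoded target of every redirect. A fixed stride across an unattributed region points to a single interception engine (Flash Player 11.3's Protected Mode sandbox intercepts exactly this set of ntdll stubs, which is this editor's reading of the log and not something GMER states) rather than many independent patches, but the script only organises the evidence: confirming what lives at 00070000, 00010000 or 00310000 still means dumping that memory from the live process and checking whether it is backed by a signed image.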