GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-11 19:40:09
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC40C
Running: e6yd1c3q.exe; Driver: C:\Users\Jarek\AppData\Local\Temp\kwddykog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81A913C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81ACAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x87514B2E]

---- User code sections - GMER 1.0.15 ----

.text D:\Programy\Mozilla Fierfox\firefox.exe[1728] ntdll.dll!LdrLoadDll 7744223E 5 Bytes JMP 6DF1FA35 D:\Programy\Mozilla Fierfox\xul.dll (Mozilla Foundation)
.text D:\Programy\Mozilla Fierfox\firefox.exe[1728] kernel32.dll!MapViewOfFile 76CB93DB 5 Bytes JMP 6E1C079E D:\Programy\Mozilla Fierfox\xul.dll (Mozilla Foundation)
.text D:\Programy\Mozilla Fierfox\firefox.exe[1728] kernel32.dll!VirtualAlloc 76CBC43A 5 Bytes JMP 6E1C07C5 D:\Programy\Mozilla Fierfox\xul.dll (Mozilla Foundation)
.text D:\Programy\Mozilla Fierfox\firefox.exe[1728] GDI32.dll!CreateDIBSection 75A78850 5 Bytes JMP 6E1C0728 D:\Programy\Mozilla Fierfox\xul.dll (Mozilla Foundation)
.text D:\Programy\Mozilla Fierfox\plugin-container.exe[1848] USER32.dll!SetWindowLongA 75AC8BA3 5 Bytes JMP 6E2C003B D:\Programy\Mozilla Fierfox\xul.dll (Mozilla Foundation)
.text D:\Programy\Mozilla Fierfox\plugin-container.exe[1848] USER32.dll!SetWindowLongW 75AD4449 5 Bytes JMP 6E2BFFCA D:\Programy\Mozilla Fierfox\xul.dll (Mozilla Foundation)
.text D:\Programy\Mozilla Fierfox\plugin-container.exe[1848] USER32.dll!GetWindowInfo 75AD4B5E 5 Bytes JMP 6E09AEF3 D:\Programy\Mozilla Fierfox\xul.dll (Mozilla Foundation)
.text D:\Programy\Mozilla Fierfox\plugin-container.exe[1848] USER32.dll!TrackPopupMenu 75AE2228 5 Bytes JMP 6E09B50D D:\Programy\Mozilla Fierfox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtCreateFile + 6 774255CE 4 Bytes [28, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtCreateFile + B 774255D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtCreateKey + 6 7742560E 4 Bytes [68, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtCreateKey + B 77425613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtCreateMutant + 6 7742564E 4 Bytes [68, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtCreateMutant + B 77425653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtCreateSection + 6 774256EE 4 Bytes [A8, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtCreateSection + B 774256F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtMapViewOfSection + 6 77425C2E 4 Bytes CALL 76426337 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtMapViewOfSection + B 77425C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenFile + 6 77425CDE 4 Bytes [68, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenFile + B 77425CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenKey + 6 77425D0E 4 Bytes [A8, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenKey + B 77425D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenKeyEx + 6 77425D1E 4 Bytes CALL 76426424 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenKeyEx + B 77425D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenMutant + 6 77425D5E 4 Bytes [28, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenMutant + B 77425D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenProcess + 6 77425D8E 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenProcess + 6 77425D8E 4 Bytes [68, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenProcess + B 77425D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenProcessToken + 6 77425D9E 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenProcessToken + 6 77425D9E 4 Bytes [A8, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenProcessToken + B 77425DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenProcessTokenEx + 6 77425DAE 4 Bytes [68, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenProcessTokenEx + B 77425DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenSection + 6 77425DCE 4 Bytes CALL 764264D5 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenSection + B 77425DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenThread + 6 77425E0E 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenThread + 6 77425E0E 4 Bytes [28, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenThread + B 77425E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenThreadToken + 6 77425E1E 4 Bytes [28, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenThreadToken + B 77425E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenThreadTokenEx + 6 77425E2E 4 Bytes [A8, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtOpenThreadTokenEx + B 77425E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtQueryAttributesFile + 6 77425F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtQueryAttributesFile + B 77425F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtQueryFullAttributesFile + 6 77425FEE 4 Bytes CALL 764266F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtQueryFullAttributesFile + B 77425FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtSetInformationFile + 6 7742663E 4 Bytes [28, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtSetInformationFile + B 77426643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtSetInformationThread + 6 7742669E 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtSetInformationThread + 6 7742669E 4 Bytes CALL 76426DA6 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtSetInformationThread + B 774266A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtUnmapViewOfSection + 6 774269BE 4 Bytes [28, 05, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ntdll.dll!NtUnmapViewOfSection + B 774269C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] kernel32.dll!CreateProcessW 76C7204D 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] kernel32.dll!CreateProcessA 76C72082 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!DeleteObject 75A75F14 5 Bytes JMP 000A01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SelectObject 75A76640 5 Bytes JMP 000A05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SetTextColor 75A76906 5 Bytes JMP 000A09F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SetBkMode 75A769B1 5 Bytes JMP 000A08B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!DeleteDC 75A76EAA 5 Bytes JMP 000A0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetDeviceCaps 75A76F7F 5 Bytes JMP 000A03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!ExtSelectClipRgn 75A77114 5 Bytes JMP 000A02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SelectClipRgn 75A77242 5 Bytes JMP 000A05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SetStretchBltMode 75A77705 5 Bytes JMP 000A0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetCurrentObject 75A77917 5 Bytes JMP 000A0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetTextMetricsW 75A77B8F 5 Bytes JMP 000A0DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetTextAlign 75A77DAF 5 Bytes JMP 000A0D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!IntersectClipRect 75A77DFE 5 Bytes JMP 000A03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!ExtTextOutW 75A78192 5 Bytes JMP 000A0930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SetTextAlign 75A7828E 5 Bytes JMP 000A09B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetClipBox 75A78525 5 Bytes JMP 000A0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!MoveToEx 75A78C21 5 Bytes JMP 000A0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!StretchDIBits 75A7A53E 5 Bytes JMP 000A0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!RestoreDC 75A7A67B 5 Bytes JMP 000A0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SaveDC 75A7A74B 5 Bytes JMP 000A0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetTextExtentPoint32W 75A7B4B5 5 Bytes JMP 000A0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetTextFaceW 75A7B73A 2 Bytes JMP 000A0CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetTextFaceW + 3 75A7B73D 2 Bytes [62, 8A]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetFontData 75A7BCC4 5 Bytes JMP 000A0C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SetWorldTransform 75A7C90A 5 Bytes JMP 000A06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!CreateDCA 75A7CCA9 5 Bytes JMP 000A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!CreateDCW 75A7CF79 5 Bytes JMP 000A00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!CreateICW 75A7CFD0 5 Bytes JMP 000A0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetTextMetricsA 75A7D0F2 5 Bytes JMP 000A0DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!Rectangle 75A7F1FF 5 Bytes JMP 000A0970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!LineTo 75A7F59B 5 Bytes JMP 000A0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SetICMMode 75A7FAA4 5 Bytes JMP 000A0D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!ExtTextOutA 75A803F9 5 Bytes JMP 000A08F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!ExtEscape 75A82949 5 Bytes JMP 000A02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!Escape 75A83939 5 Bytes JMP 000A0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetTextFaceA 75A83E6A 5 Bytes JMP 000A0CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SetPolyFillMode 75A8D851 5 Bytes JMP 000A0AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SetMiterLimit 75A8DA0D 5 Bytes JMP 000A0B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!EndPage 75A900D7 5 Bytes JMP 000A0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!ResetDCW 75A9050D 5 Bytes JMP 000A0A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!GetGlyphOutlineW 75A9C1BA 5 Bytes JMP 000A0C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!CreateScalableFontResourceW 75A9E817 5 Bytes JMP 000A0B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!AddFontResourceW 75A9EC13 5 Bytes JMP 000A0BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!RemoveFontResourceW 75A9F109 5 Bytes JMP 000A0BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!AbortDoc 75AA4C63 5 Bytes JMP 000A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!EndDoc 75AA50AA 5 Bytes JMP 000A01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!StartPage 75AA5195 5 Bytes JMP 000A06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!StartDocW 75AA5BB0 5 Bytes JMP 000A07B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!BeginPath 75AA635D 5 Bytes JMP 000A07F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!SelectClipPath 75AA63B4 5 Bytes JMP 000A0AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!CloseFigure 75AA640F 5 Bytes JMP 000A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!EndPath 75AA6466 5 Bytes JMP 000A0A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!StrokePath 75AA6699 5 Bytes JMP 000A0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!FillPath 75AA6726 5 Bytes JMP 000A0830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!PolylineTo 75AA6B94 5 Bytes JMP 000A04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!PolyBezierTo 75AA6C25 5 Bytes JMP 000A04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] GDI32.dll!PolyDraw 75AA6CD7 5 Bytes JMP 000A0870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!ActivateKeyboardLayout 75AC8203 5 Bytes JMP 000B04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!ScreenToClient 75ACA506 7 Bytes JMP 000B0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!RegisterClipboardFormatA 75ACC091 5 Bytes JMP 000B02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!RegisterClipboardFormatW 75ACDF8D 5 Bytes JMP 000B02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!SetCursor 75AD3075 5 Bytes JMP 000B0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!MonitorFromWindow 75AD3622 7 Bytes JMP 000B0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!PostMessageW 75AD447B 5 Bytes JMP 000B05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!IsWindowVisible 75AD4D69 7 Bytes JMP 000B06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetClientRect 75AD54DD 7 Bytes JMP 000B05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!MapWindowPoints 75AD5CAA 5 Bytes JMP 000B0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetParent 75AD6029 7 Bytes JMP 000B06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!EmptyClipboard 75AE290C 5 Bytes JMP 000B0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!SetClipboardData 75AE2962 5 Bytes JMP 000B0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetClipboardData 75AE2BA7 5 Bytes JMP 000B0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetClipboardFormatNameW 75AE5FD2 5 Bytes JMP 000B0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!SetClipboardViewer 75AE6FF6 5 Bytes JMP 000B04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetClipboardFormatNameA 75AE700A 5 Bytes JMP 000B0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!ChangeClipboardChain 75AF147C 5 Bytes JMP 000B0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetTopWindow 75AF24D9 7 Bytes JMP 000B0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!CloseClipboard 75AF446C 5 Bytes JMP 000B00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!OpenClipboard 75AF447E 5 Bytes JMP 000B0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!IsClipboardFormatAvailable 75AF44FF 5 Bytes JMP 000B00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetClipboardSequenceNumber 75AF4513 5 Bytes JMP 000B0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetClipboardOwner 75AF4525 5 Bytes JMP 000B0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!CountClipboardFormats 75AF470A 5 Bytes JMP 000B01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!EnumClipboardFormats 75AF47EC 5 Bytes JMP 000B01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetOpenClipboardWindow 75AF480B 5 Bytes JMP 000B03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!SetCursorPos 75B0C1B0 5 Bytes JMP 000B0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetClipboardViewer 75B24AF7 5 Bytes JMP 000B0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] USER32.dll!GetPriorityClipboardFormat 75B24BF9 5 Bytes JMP 000B03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ole32.dll!OleSetClipboard 77250045 5 Bytes JMP 00270030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ole32.dll!OleIsCurrentClipboard 772536B2 5 Bytes JMP 00270070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] ole32.dll!OleGetClipboard 7727FDCD 5 Bytes JMP 002700B0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 000B0790
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 000B07D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1880] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----