GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-13 16:40:28 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AADS-00S9B0 rev.01.00A01 465,76GB Running: 0fy4jnl4.exe; Driver: C:\Users\ADMIN\AppData\Local\Temp\uwddakob.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8DE35B10] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8DE365EE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8DE425E0] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8DE4262C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8DE427C6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8DE4254E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSection [0x8DE42670] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8DE42596] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8DE36B24] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8DE36D40] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8DE42780] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8DE373DC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8DE35B76] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8DE3AB58] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8DE3575E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8DE35BDC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8DE3AF4E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8DE37E6C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8DE4260A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8DE4264E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8DE427EA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8DE42574] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8DE3A452] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8DE426FE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8DE425BE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8DE3A83A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8DE427A4] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8D35C0CC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8DE37D38] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8DE37A46] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8DE35C42] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8DE35CA8] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x8D35C316] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8DE357F8] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8DE359CE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8DE3595C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8DE375A6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8DE37708] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8DE35A56] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x8D35C194] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8DE37236] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8DE35D0E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8DE3664A] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E87A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC1212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82EC8460 4 Bytes [10, 5B, E3, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82EC84E8 4 Bytes [EE, 65, E3, 8D] {OUT DX, AL; JECXZ 0xffffff91} .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82EC853C 8 Bytes [E0, 25, E4, 8D, 2C, 26, E4, ...] {LOOPNZ 0x27; IN AL, 0x8d; SUB AL, 0x26; IN AL, 0x8d} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82EC8548 4 Bytes [C6, 27, E4, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82EC8564 4 Bytes [4E, 25, E4, 8D] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\rundll32.exe[108] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Windows\system32\csrss.exe[440] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Windows\system32\wininit.exe[488] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Windows\system32\csrss.exe[500] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Windows\System32\svchost.exe[512] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text ... .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1376] USER32.dll!RegisterMessagePumpHook + 2F1 75C78B9E 7 Bytes JMP 5A262180 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1376] USER32.dll!IsDialogMessageW + 340 75C84444 7 Bytes JMP 5A2621F1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1376] USER32.dll!GetWindowInfo 75C84B5E 5 Bytes JMP 5A265F7C C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1376] USER32.dll!ToUnicodeEx + 71 75C92223 7 Bytes JMP 5A25F95F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[1400] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1848] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text ... .text C:\Program Files\Mozilla Firefox\firefox.exe[3968] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 002303FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3968] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 59F0F920 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3968] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 75F3941E 7 Bytes JMP 5A6D329A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3968] KERNEL32.dll!QueryPerformanceCounter + 13 75F3C425 7 Bytes JMP 5A6D32BD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3968] KERNEL32.dll!LoadAppInitDlls + 355 75F3F4E6 7 Bytes JMP 59F140F6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3968] KERNEL32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3968] GDI32.dll!GetViewportOrgEx + 26C 775D884B 7 Bytes JMP 5A6D321B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtCreateFile + 6 7794560E 4 Bytes [28, 50, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtCreateFile + B 77945613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtCreateKey + 6 7794564E 4 Bytes [68, 51, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtCreateKey + B 77945653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtCreateMutant + 6 7794568E 4 Bytes [68, 52, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtCreateMutant + B 77945693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtCreateSection + 6 7794572E 4 Bytes [A8, 52, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtCreateSection + B 77945733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtMapViewOfSection + B 77945C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenFile + 6 77945D1E 4 Bytes [68, 50, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenFile + B 77945D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenKey + 6 77945D4E 4 Bytes [A8, 51, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenKey + B 77945D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenKeyEx + B 77945D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenMutant + 6 77945D9E 4 Bytes [28, 52, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenMutant + B 77945DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenProcess + 6 77945DCE 4 Bytes [68, 53, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenProcess + B 77945DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenProcessToken + 6 77945DDE 4 Bytes [A8, 53, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenProcessToken + B 77945DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenProcessTokenEx + 6 77945DEE 4 Bytes [68, 54, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenProcessTokenEx + B 77945DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenSection + B 77945E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenThread + 6 77945E4E 4 Bytes [28, 53, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenThread + B 77945E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenThreadToken + 6 77945E5E 4 Bytes [28, 54, 07, 00] {SUB [EDI+EAX+0x0], DL} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenThreadToken + B 77945E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenThreadTokenEx + 6 77945E6E 4 Bytes [A8, 54, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtOpenThreadTokenEx + B 77945E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtQueryAttributesFile + 6 77945F7E 4 Bytes [A8, 50, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtQueryAttributesFile + B 77945F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtQueryFullAttributesFile + B 77946033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtSetInformationFile + 6 7794667E 4 Bytes [28, 51, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtSetInformationFile + B 77946683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtSetInformationThread + B 779466E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtUnmapViewOfSection + 6 779469FE 4 Bytes [28, 55, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ntdll.dll!NtUnmapViewOfSection + B 77946A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] kernel32.dll!CreateProcessW 75EF204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] kernel32.dll!CreateProcessA 75EF2082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!ActivateKeyboardLayout 75C78203 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!ScreenToClient 75C7A506 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!RegisterClipboardFormatA 75C7C091 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!RegisterClipboardFormatW 75C7DF8D 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!SetCursor 75C83075 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!MonitorFromWindow 75C83622 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!PostMessageW 75C8447B 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!IsWindowVisible 75C84D69 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetClientRect 75C854DD 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!MapWindowPoints 75C85CAA 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetParent 75C86029 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!EmptyClipboard 75C9290C 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!SetClipboardData 75C92962 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetClipboardData 75C92BA7 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetClipboardFormatNameW 75C95FD2 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!SetClipboardViewer 75C96FF6 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetClipboardFormatNameA 75C9700A 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!ChangeClipboardChain 75CA147C 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetTopWindow 75CA24D9 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!CloseClipboard 75CA446C 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!OpenClipboard 75CA447E 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!IsClipboardFormatAvailable 75CA44FF 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetClipboardSequenceNumber 75CA4513 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetClipboardOwner 75CA4525 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!CountClipboardFormats 75CA470A 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!EnumClipboardFormats 75CA47EC 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetOpenClipboardWindow 75CA480B 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!SetCursorPos 75CBC1B0 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetClipboardViewer 75CD4AF7 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] user32.DLL!GetPriorityClipboardFormat 75CD4BF9 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!DeleteObject 775D5F14 5 Bytes JMP 000D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SelectObject 775D6640 5 Bytes JMP 000D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SetTextColor 775D6906 5 Bytes JMP 000D0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SetBkMode 775D69B1 5 Bytes JMP 000D08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!DeleteDC 775D6EAA 5 Bytes JMP 000D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetDeviceCaps 775D6F7F 5 Bytes JMP 000D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!ExtSelectClipRgn 775D7114 5 Bytes JMP 000D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SelectClipRgn 775D7242 5 Bytes JMP 000D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SetStretchBltMode 775D7705 5 Bytes JMP 000D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetCurrentObject 775D7917 5 Bytes JMP 000D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetTextMetricsW 775D7B8F 5 Bytes JMP 000D0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetTextAlign 775D7DAF 5 Bytes JMP 000D0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!IntersectClipRect 775D7DFE 5 Bytes JMP 000D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!ExtTextOutW 775D8192 5 Bytes JMP 000D0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SetTextAlign 775D828E 5 Bytes JMP 000D09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetClipBox 775D8525 5 Bytes JMP 000D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!MoveToEx 775D8C21 5 Bytes JMP 000D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!StretchDIBits 775DA53E 5 Bytes JMP 000D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!RestoreDC 775DA67B 5 Bytes JMP 000D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SaveDC 775DA74B 5 Bytes JMP 000D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetTextExtentPoint32W 775DB4B5 5 Bytes JMP 000D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetTextFaceW 775DB73A 2 Bytes JMP 000D0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetTextFaceW + 3 775DB73D 2 Bytes [AF, 88] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetFontData 775DBCC4 5 Bytes JMP 000D0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SetWorldTransform 775DC90A 5 Bytes JMP 000D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!CreateDCA 775DCCA9 5 Bytes JMP 000D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!CreateDCW 775DCF79 5 Bytes JMP 000D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!CreateICW 775DCFD0 5 Bytes JMP 000D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetTextMetricsA 775DD0F2 5 Bytes JMP 000D0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!Rectangle 775DF1FF 5 Bytes JMP 000D09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!LineTo 775DF59B 5 Bytes JMP 000D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SetICMMode 775DFAA4 5 Bytes JMP 000D0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!ExtTextOutA 775E0D20 5 Bytes JMP 000D0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetTextExtentPoint32A 775E117F 5 Bytes JMP 000D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!ExtEscape 775E2D49 5 Bytes JMP 000D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!Escape 775E3400 5 Bytes JMP 000D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!ResetDCW 775E3A9B 5 Bytes JMP 000D0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!EndPage 775E40DA 5 Bytes JMP 000D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SetPolyFillMode 775E67E1 5 Bytes JMP 000D0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SetMiterLimit 775E699D 5 Bytes JMP 000D0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetTextFaceA 775F0D22 5 Bytes JMP 000D0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!GetGlyphOutlineW 775FC2DA 5 Bytes JMP 000D0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!CreateScalableFontResourceW 775FE937 5 Bytes JMP 000D0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!AddFontResourceW 775FED33 5 Bytes JMP 000D0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!RemoveFontResourceW 775FF229 5 Bytes JMP 000D0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!AbortDoc 77604E29 5 Bytes JMP 000D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!EndDoc 77605270 5 Bytes JMP 000D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!StartPage 7760535B 5 Bytes JMP 000D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!StartDocW 77605D76 5 Bytes JMP 000D07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!BeginPath 7760651D 5 Bytes JMP 000D0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!SelectClipPath 77606574 5 Bytes JMP 000D0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!CloseFigure 776065CF 5 Bytes JMP 000D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!EndPath 77606626 5 Bytes JMP 000D0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!StrokePath 77606859 5 Bytes JMP 000D07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!FillPath 776068E6 5 Bytes JMP 000D0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!PolylineTo 77606D54 5 Bytes JMP 000D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!PolyBezierTo 77606DE5 5 Bytes JMP 000D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] GDI32.dll!PolyDraw 77606E97 5 Bytes JMP 000D08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ole32.dll!OleSetClipboard 77800045 5 Bytes JMP 000F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ole32.dll!OleIsCurrentClipboard 778036B2 5 Bytes JMP 000F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe[4000] ole32.dll!OleGetClipboard 7782FDCD 5 Bytes JMP 000F00B0 .text C:\Windows\system32\SearchIndexer.exe[4032] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Windows\System32\svchost.exe[4620] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] .text C:\Users\ADMIN\Desktop\0fy4jnl4.exe[5740] kernel32.dll!GetBinaryTypeW + 70 75F569E4 1 Byte [62] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----